Validate rules for dynamic membership groups in Microsoft Entra ID (Preview)
Microsoft Entra ID provides the means to validate rules for dynamic membership groups (in public preview). On the Validate rules tab, you can validate a rule against sample group members to confirm that it works as expected. When you create or update rules for dynamic membership groups, you want to know whether a user or a device is a member of the group. This knowledge helps you evaluate whether a user or device meets the rule criteria and helps you troubleshoot when membership isn't expected.
Prerequisites
To evaluate the rule for dynamic membership groups, the administrator must be at least a Groups Administrator.
Tip
Assigning one of the required roles via indirect dynamic membership groups is not yet supported.
To validate a rule for dynamic membership groups
To get started, sign in to the Microsoft Entra admin center as at least a Groups Administrator.
Browse to Identity > Groups > All groups.
Select an existing dynamic group or create a new dynamic group, and then select Dynamic membership rules. You can then see the Validate rules tab.
On the Validate rules tab, select users to validate their memberships. 20 users or devices can be selected at one time.
After you choose users or devices in the picker and then choose Select, validation starts automatically and the validation results appear.
The results show whether a user is a member of the group or not. If the rule isn't valid or if there's a network issue, the results show as Unknown. If the value is Unknown, the detailed error message describes the issue and actions needed.
You can modify the rule to trigger a new validation of memberships. To see why a user isn't a member of the group, select View details. The verification details show the result of each expression that makes up the rule. Then select OK to exit.