
Azure AD dynamic membership for groups


Overview: Dynamic configuration of security-group membership for Azure Active Directory is available in public preview. Administrators can set rules for groups that are created in Azure Active Directory based on user attributes (such as department and country). This allows members to be automatically added to or removed from a security group. These groups can be used to provide access to applications or cloud resources (such as SharePoint sites and documents) and to assign licenses to members. There is no additional charge for this feature. For more information, please visit Dynamic memberships for groups in Azure AD.

If you are familiar with SharePoint Target Audience or claims-based roles and access, Azure AD dynamic membership for groups will not be new to you; it is only a different way to consume the same idea. This Azure feature allows organisations to plan role-based authentication and authorisation for Azure-hosted applications, including PaaS and IaaS, and for Office 365 hosted applications such as Exchange, SharePoint or Dynamics 365 CRM.

You will be able to create AD groups and add users to them dynamically based on their AD attributes, such as department, location or business area. Once you have created these AD groups, you will be able to use them to assign permissions or target content within Azure and Office 365 applications.

Note:

You can set up a rule for dynamic membership on security groups or Office 365 groups. Nested group memberships aren’t currently supported for group-based assignment to applications.

Dynamic memberships for groups require an Azure AD Premium license to be assigned to:

  • The administrator who manages the rule on a group
  • All members of the group

Configuration Steps

  1. In the Azure classic portal, select Active Directory, and then open your organization’s directory.
  2. Select the Groups tab, and then open the group you want to edit.
  3. Select the Configure tab, select the Advanced rule option, and then enter the advanced rule into the text box.
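Because the rule entered in step 3 decides who receives the group's access and licenses, it is worth previewing which accounts it would match before saving it. The script below is an added example, not code from the original post or from Microsoft: it evaluates a simplified subset of the advanced rule syntax (`-eq` clauses joined by `-and`) against constructed user records, using the `department` and `country` attributes named in the overview. The case-insensitive comparison and the handling of empty attributes are assumptions of this sketch.

```python
import re

# Simplified subset of the advanced rule syntax: (user.<attr> -eq "<value>")
# clauses joined by -and. Anything else is rejected rather than guessed at.
CLAUSE = re.compile(r'\s*\(\s*user\.(\w+)\s+-eq\s+"([^"]*)"\s*\)')
JOIN = re.compile(r'\s+-and\s+')

def parse_rule(rule):
    """Return [(attribute, value), ...]; raise ValueError on unsupported text."""
    clauses, pos = [], 0
    while True:
        m = CLAUSE.match(rule, pos)
        if not m:
            raise ValueError(f"unsupported rule text at offset {pos}")
        clauses.append((m.group(1), m.group(2)))
        pos = m.end()
        j = JOIN.match(rule, pos)
        if not j:
            break
        pos = j.end()
    if rule[pos:].strip():
        raise ValueError(f"unsupported rule text at offset {pos}")
    return clauses

def clause_matches(user, attr, value):
    # Assumption: comparison ignores case; a missing attribute never matches.
    actual = user.get(attr)
    return actual is not None and actual.lower() == value.lower()

def preview_membership(rule, users):
    """List the userPrincipalName of every user that satisfies all clauses."""
    clauses = parse_rule(rule)
    return sorted(u["userPrincipalName"] for u in users
                  if all(clause_matches(u, a, v) for a, v in clauses))

SAMPLE_USERS = [  # constructed records, not a real directory export
    {"userPrincipalName": "alice@contoso.example", "department": "Sales", "country": "US"},
    {"userPrincipalName": "bob@contoso.example", "department": "sales", "country": "US"},
    {"userPrincipalName": "carol@contoso.example", "department": "Sales", "country": "GB"},
    {"userPrincipalName": "dave@contoso.example", "department": None, "country": "US"},
]
RULE = '(user.department -eq "Sales") -and (user.country -eq "US")'

if __name__ == "__main__":
    for upn in preview_membership(RULE, SAMPLE_USERS):
        print(upn)
```

Since membership follows the attribute values, anyone who can edit `department` or `country` on a user object can effectively change who is in the group, so write access to those attributes deserves the same review as the rule itself.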

 

 
