Skip to Content
Microsoft 365Entra IDDynamic Membership Rules

Dynamic Membership Rules

Useful membership rules for Entra ID dynamic groups.

All Licnesed Users with Specific Domain

(user.userPrincipalName -contains "domain.com") and (user.assignedPlans -any (assignedPlan.capabilityStatus -eq "Enabled"))

All Users with Specific Domain

(user.userPrincipalName -contains "domain.com")

All Active Members (No Guests)

(user.userType -eq "Member") and (user.accountEnabled -eq true)

Guest Users Only

(user.userType -eq "Guest")

By Department

(user.department -eq "IT")

Replace IT with your department name.

By Job Title

(user.jobTitle -contains "Manager")

By Country/Region

(user.country -eq "United Kingdom")

By Office Location

(user.physicalDeliveryOfficeName -eq "Edinburgh")

All Licensed Users

(user.assignedPlans -any (assignedPlan.capabilityStatus -eq "Enabled"))

Combining Multiple Conditions

(user.department -eq "IT") and (user.accountEnabled -eq true) and (user.userType -eq "Member")
Last updated on
OverviewConditional Access Policies