Azure Entra IDHow to create simpler, more efficient rules for dynamic groups in Microsoft Entra ID

How to create simpler, more efficient rules for dynamic groups in Microsoft Entra ID

A dynamic group allows you to create rules to manage the group membership. Users and groups are added or removed if they meet the conditions defined by the rules. This page shows you how you can create rules that are simple and as efficient as possible.

1. Minimize use of the MATCH operator

Minimize the use of the match operator and try using startswith and -eq( helps you check whether two values are equal) operators instead.

Avoid using rules like

  • user.city -match "ago"
  • user.city -match ".*?ago.*"

It's better to use rules like

  • user.city -startswith "Lag"

Or, best of all,

  • user.city -eq "Lagos"

2. Minimize use of the CONTAINS operator

Minimize the use of the contains operator as it can increase the processing time, especially for tenants with dynamic groups. Try using the startswith or -eq operators instead.

3. Use fewer OR operators

Instead of the -or operator, use the -in operator (helps you check whether a value exists in a set) to group the various values into a single criterion to make the rule easier to evaluate. For example, instead of having a rule like this.

        (user.department -eq "Accounts" -and user.city -eq "Lagos") -or 
        (user.department -eq "Accounts" -and user.city -eq "Ibadan") -or 
        (user.department -eq "Accounts" -and user.city -eq "Kaduna") -or 
        (user.department -eq "Accounts" -and user.city -eq "Abuja") -or 
        (user.department -eq "Accounts" -and user.city -eq "Port Harcourt")
 Copied

Click to copy entire script

It's better to have a rule like this.

  • user.department -eq "Accounts" -and user.city -in ["Lagos", "Ibadan", "Kaduna", "Abuja", "Port Harcourt"]

4. Avoid redundant criteria

Avoid using redundant criteria in your rule. For example, instead of using a rule like this

  • user.city -eq "Lagos" or user.city -startswith "Lag"

It's better to use a rule like this

  • user.city -startswith "Lag"

Reporting, auditing, and management tool for Entra ID

M365 Manager Plus is an extensive Microsoft 365 tool used for reporting, managing, monitoring, auditing, and creating alerts for critical incidents. With M365 Manager Plus, you can:

  • Perform bulk operations like password resets and account unlock without using PowerShell scripts.
  • Report and audit with over 700 pre-packaged reports to track changes and get better visibility on your services.
  • Automate routine tasks like user provisioning, stale group cleanup, and mailbox management operations.
  • Monitor the health of Microsoft 365 services and get notified on critical activities and outages.
  • Create custom granular roles to delegate Microsoft 365 administration to technicians.

One-stop solution for your Microsoft 365 management needs.

Try now for free

 

Streamline your Microsoft 365 governance and administration with M365 Manager Plus

Get Your Free Trial

Related Resources

 
x
A holistic Microsoft 365 administration and security solution
HighlightsReportingAuditingManagementMonitoringRelated products
 
x