How to create a dynamic distribution group in Microsoft Entra ID

IT admins are often tasked with creating dynamic distribution groups in Microsoft Entra ID to automatically manage email distribution lists based on user attributes such as department or location. This can be accomplished through several methods: the native Microsoft Entra admin center, Microsoft Graph PowerShell scripting, or by utilizing other Microsoft 365 management tools like ManageEngine M365 Manager Plus. Let's explore these different approaches below.

Creating a dynamic distribution group using Microsoft Entra ID

You can create dynamic distribution groups directly through the Microsoft Entra ID admin center using the web interface.

1. Sign in to the Microsoft Entra admin center.
2. Navigate to Entra ID > Groups > All groups.
3. Click New group.
4. Select Microsoft 365 as the group type.
5. Enter the Group name and Group description.
6. Set Membership type to Dynamic User.
7. Under Dynamic user members, click Add dynamic query.
8. Configure your membership rules using the visual rule builder:
   • Select Property (for example, department or city).
   • Choose Operator (for example, equals, contains, or starts with).
   • Enter the Value (for example, marketing or New York).
9. Click Validate to test your query and preview group membership.

   

10. Review the settings and click Create to create the dynamic distribution group.

    

Creating a dynamic distribution group in Microsoft Entra ID using Microsoft Graph PowerShell

Prerequisites

Before using the New-MgGroup cmdlet, please verify that the following prerequisites are satisfied:

• The Microsoft Graph PowerShell module is installed. If not, install it using this script:
  Install-Module Microsoft.Graph -Scope CurrentUser
• Connect to Microsoft Graph PowerShell with the required permissions to create a dynamic distribution group in Microsoft Entra ID with this Graph PowerShell script:
  Connect-MgGraph -Scopes "Group.ReadWrite.All"

Using the New-MgGroup command to create a dynamic distribution group in Microsoft Entra ID

The New-MgGroup cmdlet can be used in Microsoft Graph PowerShell to create a dynamic distribution group in Microsoft Entra ID. The syntax for it is given below:

Click to copy the script.

Supported parameters

The following table contains some parameters that can be used along with the New-MgGroup command to create a dynamic distribution group in Microsoft Entra ID efficiently.

An example use case using the New-MgGroup cmdlet

Creating a dynamic distribution group for a particular department

New-MgGroup -DisplayName <'group_display_name'> -MailEnabled $true -SecurityEnabled $false -GroupTypes @("DynamicMembership") -MembershipRule <'membership_rule'> -MembershipRuleProcessingState "On" -MailNickname <'mail_nickname'>

For this cmdlet, replace group_display_name with the display name for your group, membership_rule with your dynamic membership criteria, and mail_nickname with the email alias for the group.

Bulk creation of dynamic distribution groups using PowerShell

# Define multiple departments and their membership rules $departments = @( @{Name=<'department_1_name'>; Rule=<'department_1_rule'>; Alias=<'department_1_alias'>}, @{Name=<'department_2_name'>; Rule=<'department_2_rule'>; Alias=<'department_2_alias'>}, @{Name=<'department_3_name'>; Rule=<'department_3_rule'>; Alias=<'department_3_alias'>} ) # Loop through each department and create dynamic distribution groups for each ($dept in $departments) { try { New-MgGroup -DisplayName $dept.Name ` -MailEnabled $true ` -SecurityEnabled $false ` -GroupTypes @("DynamicMembership") ` -MembershipRule $dept.Rule ` -MembershipRuleProcessingState "On" ` -MailNickname $dept.Alias ` -Description "Dynamic distribution group for $($dept.Name)" Write-Host "Successfully created group: $($dept.Name)" -ForegroundColor Green } catch { Write-Host "Failed to create group: $($dept.Name). Error: $($_.Exception.Message)" -ForegroundColor Red } }

For this command, replace department_1_name, department_2_name, and department_3_name with the display names for your groups, department_1_rule, department_2_rule, and department_3_rule with your dynamic membership criteria for each department, and department_1_alias, department_2_alias, and department_3_alias with the email aliases for each group. You can add or remove department entries as needed for your organization.

Creating a dynamic distribution group in Microsoft Entra ID using M365 Manager Plus

• Log in to M365 Manager Plus and go to Management > Azure Active Directory > Group Management and click Dynamic Distribution Group Creation.
• Select the required Microsoft 365 Tenant, fill in the necessary fields, then click Apply.

  

  Once applied, the group will be created with dynamic membership rules immediately.

Streamline group management with ease

M365 Manager Plus' group management capabilities help you create and manage groups throughout your Microsoft 365 environment. It efficiently handles bulk group operations, provides detailed reporting on group activities, and delivers real-time monitoring of group performance—each through an intuitive interface.

Group reporting

Generate detailed reports on groups to monitor group conditions, membership criteria, and member details across your Microsoft 365 environment.

Customizable group templates

Create and customize group creation templates with predefined values for owners, moderation settings, and membership rules to standardize the group creation process.

GUI-based group management

Manage groups with an intuitive web interface that eliminates complex PowerShell scripting and reduces the risk of configuration errors.

Advanced membership rules

Configure complex membership rules and conditions using department, location, job title, and other user attributes to automatically populate dynamic distribution groups using M365 Manager Plus.

Group member monitoring

View and monitor dynamic distribution group members in real time to ensure membership rules are working correctly and users are properly included or excluded with M365 Manager Plus.

Bulk group creation with CSV

Create multiple groups in bulk using CSV files with predefined group details, eliminating the need for PowerShell scripts or manual one-by-one creation.

In summary, M365 Manager Plus provides comprehensive group management capabilities that help administrators stay informed about group activities and safeguard against potential security risks. With its vast set of features, you can efficiently manage your Microsoft 365 groups from a single, intuitive console.

Important tips

• Test membership rules in a test environment before deploying to production to ensure rules work as expected and don't inadvertently include or exclude users.
• Monitor group membership changes regularly to verify that dynamic rules are populating groups correctly and users have appropriate access permissions.

Ensure that the attribute used for your dynamic group rules is correctly entered in user profiles. Incorrect or missing attributes will prevent users from being added to groups automatically.