- Mastering Identity and Access Management with Microsoft Azure
- Jochen Nickel
- 305 words
- 2021-07-02 12:57:16
Configure dynamic group memberships
In this section, we will configure straightforward dynamic group memberships that use the department attribute to add users to their department group, and then build up a dynamic licensing assignment. Group-based licensing currently does not support groups that contain other groups (nested groups).
When enabling dynamic groups, current memberships will be lost.
The usage location of a user needs to be set to assign a license.
As admin@domain.onmicrosoft.com, choose the Accounting group, navigate to Properties, and change the membership type to Dynamic User.
Create a simple rule: department Equals (-eq) Accounting.
Set the department attribute (profile section) on the accounting users Brian Cox and Jeff Simpson to Accounting.
The members should be added automatically. Check the group membership and verify the two new members.
Next, we will provide an automatic licensing solution.
Create the following security group:
- Office 365 full feature licensing
- Group description: Automatic Office 365 Full Feature Licensing
- Membership type: Dynamic User
- Dynamic query: userType -eq Member
Under Licenses | Products, assign the Office 365 E5 plan. Don't choose any assignment options at the moment.
Wait until the membership has updated and check the license assignment for Don.Hall@domain.onmicrosoft.com.
You will see that the user gets the license through a direct and group-based assignment.
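The same steps scripted with the Microsoft Graph PowerShell SDK, as an added example that is not taken from the book. The UPNs for Brian Cox and Jeff Simpson, the usage location `US`, the mail nickname, the CSV file name, and the requested scopes are assumptions; `ENTERPRISEPREMIUM` is the SKU part number of Office 365 E5.

```powershell
# Added example; requires the Microsoft.Graph module. Scopes are an assumption, adjust to tenant policy.
Connect-MgGraph -Scopes 'Group.ReadWrite.All','User.ReadWrite.All','Organization.Read.All'

# Locate the existing Accounting group and refuse to continue on an ambiguous match.
$acct = @(Get-MgGroup -Filter "displayName eq 'Accounting'")
if ($acct.Count -ne 1) { throw "Expected exactly one 'Accounting' group, found $($acct.Count)." }
$acct = $acct[0]

# Switching to Dynamic User drops the current members, so record them first.
Get-MgGroupMember -GroupId $acct.Id -All |
    Select-Object Id |
    Export-Csv -Path .\accounting-members-before.csv -NoTypeInformation

# Convert the security group to dynamic membership driven by the department attribute.
# Note: -GroupTypes replaces the existing list of group types.
Update-MgGroup -GroupId $acct.Id -GroupTypes @('DynamicMembership') `
    -MembershipRule 'user.department -eq "Accounting"' `
    -MembershipRuleProcessingState 'On'

# Department feeds the rule; a usage location must be set before a license can be assigned.
foreach ($upn in 'Brian.Cox@domain.onmicrosoft.com', 'Jeff.Simpson@domain.onmicrosoft.com') {
    # UPNs are assumed from the names on the page; 'US' is a sample value.
    Update-MgUser -UserId $upn -Department 'Accounting' -UsageLocation 'US'
}

# Licensing group: every account whose userType is Member, which includes
# admin and service accounts, so review the resulting membership.
$lic = New-MgGroup -DisplayName 'Office 365 full feature licensing' `
    -Description 'Automatic Office 365 Full Feature Licensing' `
    -MailEnabled:$false -MailNickname 'o365-full-licensing' -SecurityEnabled `
    -GroupTypes @('DynamicMembership') `
    -MembershipRule 'user.userType -eq "Member"' `
    -MembershipRuleProcessingState 'On'

# Assign Office 365 E5 to the group with no service plans disabled.
$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq 'ENTERPRISEPREMIUM'
if (-not $sku) { throw 'Office 365 E5 (ENTERPRISEPREMIUM) is not available in this tenant.' }
Set-MgGroupLicense -GroupId $lic.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()

# Run after membership processing has finished.
# Accounting should list the two users; for Don Hall, an empty AssignedByGroup
# marks the direct assignment and a group id marks the inherited one.
Get-MgGroupMember -GroupId $acct.Id -All | Select-Object Id
$don = Get-MgUser -UserId 'Don.Hall@domain.onmicrosoft.com' -Property 'licenseAssignmentStates'
$don.LicenseAssignmentStates | Select-Object SkuId, AssignedByGroup, State
```

Dynamic membership is evaluated asynchronously, so the two final queries can return stale results if run immediately after the changes.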
In the next section, we will configure role assignments to administrative units.