You have a Microsoft 365 subscription.
Your organization is frequently collaborating with external users from different companies.
You have created a dynamic group in Azure AD to automatically add new and old guest users.
How should you configure the rule syntax?
A. B. C. D.
Correct Answer: D
The correct expression is (user.objectId -ne null) and (user.userType -eq "Guest"). It adds all users that have an existing user object ID and the user type "Guest".
Option A is incorrect.
This is not a valid expression.
Option B is incorrect.
This is not a valid expression.
Option C is incorrect.
This expression will add users with the user type Member - internal tenant users.
The correct answer to this question is D. (user.objectId -ne null) and (user.userType -eq "Guest").
Here's a detailed explanation of why:
The question states that the organization frequently collaborates with external users from different companies. In Microsoft 365, these external users are referred to as "guest users" and are added to the organization's Azure AD directory as guest accounts.
The question also states that a dynamic group has been created in Azure AD to automatically add new and old guest users. A dynamic group is a special type of Azure AD group that automatically adds and removes members based on rules or conditions defined by the administrator.
To configure the rule syntax for this dynamic group, we need to specify the conditions that determine which users should be added to the group. In this case, we want to add all guest users, both new and old, to the group.
Option A, "(user.objectId -ne null) and (user.userType -eq "Member")", is incorrect because it looks for users whose object ID is not null and whose user type is "Member". This rule would only add members of the organization to the group, not guest users.
Option B, "(user.objectId -e external) and (user.userType -eq "Guest")", is incorrect because it contains a syntax error. The "-e" operator is not a valid operator in Azure AD rule syntax. Additionally, even if we corrected the operator to "-eq", this rule would only add guest users who have "external" in their object ID, which is not a reliable way to identify all guest users.
Option C, "(user.objectId -e external) and (user.userType -eq "Member")", is incorrect for the same reasons as option B. It contains a syntax error and would only add members of the organization, not guest users.
Option D, "(user.objectId -ne null) and (user.userType -eq "Guest")", is the correct answer. This rule looks for users whose object ID is not null and whose user type is "Guest", which will identify all guest users in the organization and add them to the dynamic group.
Therefore, the correct configuration for the rule syntax for the dynamic group is: (user.objectId -ne null) and (user.userType -eq "Guest").
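The following is an added example, not part of the original question or its answer key: it creates a dynamic security group with the rule from option D and then audits the result, so that a group used to scope guest access can be checked for missing guests or unexpected non-guest members. It assumes the Microsoft Graph PowerShell SDK is installed; the display name and mail nickname are hypothetical placeholders.

```powershell
# Added example: assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module).
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Rule from answer D. Single quotes keep the inner double quotes literal.
$rule = '(user.objectId -ne null) and (user.userType -eq "Guest")'

# Display name and mail nickname are hypothetical placeholders.
$group = New-MgGroup -DisplayName 'All guest users' `
    -MailNickname 'all-guest-users' `
    -MailEnabled:$false `
    -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule `
    -MembershipRuleProcessingState 'On'

# Dynamic membership is evaluated asynchronously, so run the audit below
# only after rule processing for the group has completed.

# Every guest account in the tenant, by object ID.
$guestIds = @(Get-MgUser -Filter "userType eq 'Guest'" -All |
    ForEach-Object { $_.Id })

# Every current member of the dynamic group, by object ID.
$memberIds = @(Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.Id })

# Guests the rule did not pick up, and members that are not guests.
$missing    = @($guestIds  | Where-Object { $_ -notin $memberIds })
$unexpected = @($memberIds | Where-Object { $_ -notin $guestIds })

[pscustomobject]@{
    GroupId           = $group.Id
    MembershipRule    = $rule
    GuestsInTenant    = $guestIds.Count
    MembersInGroup    = $memberIds.Count
    GuestsNotInGroup  = $missing.Count
    NonGuestsInGroup  = $unexpected.Count
}

if ($unexpected.Count -gt 0) {
    Write-Warning "Group contains $($unexpected.Count) member(s) whose userType is not Guest."
}
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) guest account(s) are not yet members of the group."
}
```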