If you’ve read my last post on how to create security groups in Microsoft Entra ID, you’ll know I like to keep things simple. This time, I want to talk about something that’s often overlooked but incredibly useful—dynamic security groups.
They’re not flashy, but they do the job well. And if you’re managing users or devices at scale, learning how to set up dynamic security groups in Entra ID will save you time and reduce manual effort.
What Are Dynamic Security Groups in Entra ID?
Dynamic security groups are like smart filters. Instead of manually adding users or devices to a group, you define a rule—and Entra ID takes care of the rest. It’s automation without complexity.
You can create:
- Dynamic User Groups – based on user attributes like department or location.
- Dynamic Device Groups – based on device attributes like OS type or version.
These are especially useful when working with Microsoft Intune, conditional access policies, or automated license assignments.
Real-World Examples of Dynamic Group Rules
Here are a few practical examples of how dynamic groups can simplify IT operations:
Department-Based Access
Rule: (user.department -eq "Finance")
Why: Finance users get access to relevant resources without manual updates.
Location-Based Grouping
Rule: (user.physicalDeliveryOfficeName -eq "London")
Why: Apply policies based on office location.
Device Management
Applies to all Windows Devices:
Rule: (device.deviceOSType -eq "Windows")
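Applies to all Windows 10 Devices:
Rule: (device.deviceOSType -eq "Windows") -and (device.deviceOSVersion -startsWith "10.0.1")
Applies to all Windows 11 Devices:
Rule: (device.deviceOSType -eq "Windows") -and (device.deviceOSVersion -startsWith "10.0.2")
Note: Windows 11 still reports a 10.0 version number, with builds starting at 10.0.22000, so the prefix has to include the first digit of the build number to tell the two apart. A rule of -startsWith "10.0" matches both Windows 10 and Windows 11 devices.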
How to Set Up Dynamic Security Groups in Entra ID
Step 1:
- Sign in to Entra ID
- Navigate to Microsoft Entra ID > Groups.
Step 2:
- Create a New Group.
- Click + New Group.
Step 3: Configurations
Field | Description |
---|---|
Group type | Select Security |
Group name | e.g., "Finance Dept Access" |
Description | (Optional) Add a purpose |
Membership type | Choose Dynamic User or Dynamic Device |
Step 4: Add a Dynamic Query
- Click Edit
- Input your rule syntax (see examples above)
- Click OK to validate
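The same steps can be scripted, which also makes it easy to review every dynamic rule in the tenant, since each rule is effectively an access decision driven by directory attributes. This is an added example using the Microsoft Graph PowerShell SDK, not part of the original walkthrough; it assumes the Microsoft.Graph.Groups module is installed and your account may create groups, and the mail nickname and description values are made up for illustration.

```powershell
# Added example: create the "Finance Dept Access" dynamic user group from the
# steps above, then list every dynamic group and its rule for review.
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes "Group.ReadWrite.All"

$params = @{
    DisplayName                   = "Finance Dept Access"
    Description                   = "Dynamic group: users whose department is Finance"  # illustrative value
    MailNickname                  = "finance-dept-access"   # illustrative; Graph requires one even for security groups
    MailEnabled                   = $false
    SecurityEnabled               = $true                   # Group type: Security
    GroupTypes                    = @("DynamicMembership")  # Membership type: Dynamic
    MembershipRule                = '(user.department -eq "Finance")'
    MembershipRuleProcessingState = "On"                    # "Paused" stores the rule without evaluating it
}
$group = New-MgGroup @params

# Read the rule back exactly as stored, to catch quoting or typing mistakes.
Get-MgGroup -GroupId $group.Id -Property "id,displayName,membershipRule,membershipRuleProcessingState" |
    Select-Object Id, DisplayName, MembershipRule, MembershipRuleProcessingState

# Membership is evaluated asynchronously, so this list can be empty at first.
# Compare it with the users you expect before attaching licenses or policies.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }

# Review pass: every dynamic group in the tenant with its rule.
# Check for prefixes that match more than intended (for example
# -startsWith "10.0" covering both Windows 10 and 11) and for rules keyed on
# attributes that users or helpdesk roles are allowed to edit.
Get-MgGroup -Filter "groupTypes/any(c:c eq 'DynamicMembership')" -All `
    -Property "id,displayName,membershipRule,membershipRuleProcessingState" |
    Sort-Object DisplayName |
    Format-Table DisplayName, MembershipRuleProcessingState, MembershipRule -Wrap
```

For a device group, use a device rule such as (device.deviceOSType -eq "Windows") in MembershipRule; a single rule cannot mix user and device attributes.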