In my earlier articles, I covered how to create security groups in Entra ID, followed by a deeper dive into dynamic security groups—especially how they can be used to manage devices automatically. Today, I’m extending that conversation by focusing on how to apply the same principles to users—specifically, how to update user attributes in Entra ID so that your dynamic groups can start working for you.
If you haven’t already created a dynamic security group, I recommend checking out my previous article: How to Setup Dynamic Security Groups in Entra ID. It walks you through everything you need to get started.
This article is for those who’ve already created dynamic groups and are now ready to put them into action. To do that effectively, you need to understand how user attributes play a role—and how updating them correctly can trigger group membership, access policies, and automation across your environment.
To build on the dynamic group rule strings I shared earlier, I’m now opening up a set of examples that are specifically focused on users—so you can start applying them in real-world scenarios.
| Purpose | Rule Syntax |
|---|---|
| Department-based group | (user.department -eq "Sales") |
| Job title-based group | (user.jobTitle -eq "Project Manager") |
| Country or region-based group | (user.country -eq "United Kingdom") |
| Office location-based group | (user.physicalDeliveryOfficeName -eq "Wales HQ") |
| User principal name domain | (user.userPrincipalName -contains "@yourdomain.com") |
| Account enabled | (user.accountEnabled -eq true) |
| Multiple conditions (AND) | (user.department -eq "Engineering") -and (user.jobTitle -eq "Developer") |
| Multiple conditions (OR) | (user.department -eq "Marketing") -or (user.department -eq "Sales") |
| Starts with condition | (user.displayName -startsWith "John") |
| Custom attribute (extension) | (user.extensionAttribute1 -eq "Contractor") |
Step 1: Sign in to the Microsoft Entra Admin Center
Go to entra.microsoft.com and log in using your admin credentials.
Go to entra.microsoft.com and log in using your admin credentials.
Step 2: Navigate to the “Users” Section
In the left-hand navigation pane, click on “Users”.
In the left-hand navigation pane, click on “Users”.
Step 3: Find the User You Want to Update
Step 3: Find the User You Want to Update
Use the search bar at the top to locate the user by their name or email address.
Use the search bar at the top to locate the user by their name or email address.
Step 4: Open the User’s Profile
Click on the user’s name from the search results to open their profile page.
Click on the user’s name from the search results to open their profile page.
Step 5: Click “Edit Properties”
On the user profile page, look for the “Edit properties” button or link and click it to begin making changes.
On the user profile page, look for the “Edit properties” button or link and click it to begin making changes.
Step 6: Update the Necessary Attributes
Step 6: Update the Necessary Attributes
You’ll now see editable fields. Common attributes you can update found under 'Job Information' include:
- Job title
- Department
- Office location
- Manager
- Usage location
- Custom attributes (if configured)
You’ll now see editable fields. Common attributes you can update found under 'Job Information' include:
- Job title
- Department
- Office location
- Manager
- Usage location
- Custom attributes (if configured)
Step 7: Save Your Changes
Once you’ve made the necessary updates, click “Save” to apply the changes.
Once you’ve made the necessary updates, click “Save” to apply the changes.
Final Thoughts
Once you've updated the relevant user attributes in Entra ID, your dynamic security groups will begin to function automatically—based on the rule strings you've configured. This means users will be added or removed from groups in real-time, enabling seamless access control, policy enforcement, and automation across your environment.
Keeping attributes accurate isn’t just good practice—it’s the key to unlocking the full potential of identity-driven automation in Microsoft Entra.
