Today’s we’re trying something new – a quick “how-to” post. Rob De Jong is the PM who owns our self-service group and dynamic group features. Here he’s going to walk you through using Dynamic Groups with SharePoint online.
I hope you’ll find this useful. Let us know what you think!
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division
Rob De Jong here. Today I want to tell you about a very powerful feature in Azure Active Directory is the ability to manage access to SharePoint Online through a dynamic group. Often, directory administrators need to provide access based on a user’s department, location or job title, or maybe some other attribute or combination of attributes. And usually this information is available, perhaps in an HR system or in a local directory. If these attributes are synced to Azure AD then it is easy to use them in a dynamic group to manage access. This is sometimes also referred to as “Attribute Based Access Control”, or ABAC.
In this video I’m showing how to configure a group in your directory to provide dynamic, attribute-based access to a SharePoint site. You could use the same approach to manage SaaS applications, assign licenses or even manage access to on premises resources.
Note that, since the dynamic group feature supports standard user attributes as well as extension attributes and custom attributes, you can use virtually all attributes in your on premises AD to sync to Azure AD and drive a dynamic group to provide access to resources in your directory.
Here you can read more about dynamic groups in Azure AD. Please note that dynamic groups require an Azure AD Premium license assigned to all members of the dynamic group.