Microsoft Entra offers an excellent feature that allows users to create a Microsoft 365 group based on a set of rules. These rules can dynamically query user attributes to identify specific matching conditions. For instance, one can create a dynamic membership rule that adds users to a particular group based on their “state” property. For example, if a user’s “state” property contains “Hyderabad,” they will be added to the M365 group.
I was recently working with my partner who asked me how to create a dynamic membership rule that can query for users having a specific license plan such as M365 E3 or E5. Although it is easy to find this information in the M365 admin portal and create a group with assigned membership, they wanted a dynamic group membership rule.
Creating a dynamic membership rule requires you to query something that is unique to the M365 or M365 E5 license plan. Therefore, to get all the SKU’s and SKU ID’s that exist in your tenant, you need to connect to your tenant using the Microsoft Entra Powershell module.
Here are a few SKU ID’s attached for reference to use for a dynamic group. It might take some effort, but it is not too difficult.
For your reference, I am creating a dynamic group in Intune license. This group will be used for a MAM policy to allow BYOD devices to access company corporate data securely. I will also use this dynamic group for an App protection policy. Rule syntax is below one.
(user.assignedPlans -any (assignedPlan.servicePlanId -eq “c1ec4a95-1f05-45b3-a911-aa3fa01094f5” -and assignedPlan.capabilityStatus -eq “Enabled”))
