Assigned and Dynamic security groups

As an Azure Cloud Engineer, understanding how to use both assigned and dynamic security groups is fundamental. These group types are at the core of identity and access management (IAM) in Microsoft Entra ID (formerly Azure AD), and they directly impact how you control access, enforce policies, and automate user management across cloud resources.

🔹 What Are Assigned and Dynamic Security Groups?

Assigned Groups:

  • You manually add or remove members. These are ideal for static teams or special exceptions where tight control is needed.

Dynamic Groups:

  • Membership is based on rules (e.g., department = "HR"). Users are automatically added or removed based on their attributes—no manual updates required.

In our last project we created the two kinds of groups you will work with the most as a cloud engineer: assigned and dynamic groups.

These are our two security groups: Assigned and Dynamic.

This is our dynamic security group. As you can see, we haven't assigned a user yet, but we will shortly.

Let's go to our users and choose our dear coworker Tom Smith.

This is Tom's information, and you can see he is not assigned to any group yet. Click on edit properties > job information.

When we created our dynamic group, we had to assign some rules to it. Let's remember what dynamic group rules do: they determine membership based on user or device attributes. The system evaluates these rules continuously or on a schedule, so members are added or removed automatically as their attributes change.
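
The same steps through Microsoft Graph PowerShell, as an added example that is not part of the original walkthrough. It assumes the Microsoft.Graph module is installed and the tenant is licensed for dynamic groups; the group name "HR-Dynamic-Example" and the rule value "HR" are hypothetical, since the walkthrough does not show the rule it used.

```powershell
# Added example. Hypothetical names: group "HR-Dynamic-Example", rule value "HR".
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.ReadWrite.All"

# 1. Create a security group whose membership is computed from a rule.
$group = New-MgGroup -DisplayName "HR-Dynamic-Example" `
    -Description "Members are users whose department is HR" `
    -MailEnabled:$false -MailNickname "hr-dynamic-example" `
    -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule '(user.department -eq "HR")' `
    -MembershipRuleProcessingState "On"

# 2. Change the attribute the rule reads (edit properties > job information in the portal).
$matches = @(Get-MgUser -Filter "displayName eq 'Tom Smith'")
if ($matches.Count -ne 1) {
    throw "Expected exactly one user named Tom Smith, found $($matches.Count)."
}
$tom = $matches[0]
Update-MgUser -UserId $tom.Id -Department "HR"

# 3. The service evaluates the rule on its own schedule, so poll instead of
#    expecting Tom to appear immediately. Give up after ten minutes.
$isMember = $false
foreach ($attempt in 1..10) {
    $memberIds = @(Get-MgGroupMember -GroupId $group.Id -All).Id
    if ($memberIds -contains $tom.Id) { $isMember = $true; break }
    Start-Sleep -Seconds 60
}
"Tom Smith is a member of $($group.DisplayName): $isMember"

# 4. Review every dynamic group and the rule that grants its membership.
Get-MgGroup -All -Property Id, DisplayName, GroupTypes, MembershipRule, MembershipRuleProcessingState |
    Where-Object { $_.GroupTypes -contains "DynamicMembership" } |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Step 4 is worth running on its own during access reviews: anyone who can change the attribute a rule reads can, in effect, change who is in the group.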

MORE COMING UP