Create a Dynamic Security Group for All Active Users

1. Open Entra Admin Center

Go to: https://entra.microsoft.com

Log in with an account that has the Azure AD Administrator or Global Administrator role.

2. Navigate to Groups

• In the left menu, go to "Groups"

• Click “+ New group”

3. Configure Group Settings

• Group type: Security

• Group name: (e.g., All Active Users)

• Membership type: Dynamic User

• Click “Add dynamic query”

4. Define Dynamic Membership Rule

Use this rule to include all enabled user accounts:

(user.accountEnabled -eq true)

This rule checks if the account is active (i.e., not disabled).

You can optionally filter out guests by adding:

(user.accountEnabled -eq true) and (user.userType -eq "Member")

• Member = internal users

• Guest = external users (B2B)

5. Validate and Save

• Click “Save” to apply the rule

• Click “Create” to create the group

It may take a few minutes for Azure AD to evaluate the rule and populate the group.

Confirm Membership

• Open the group

• Go to the "Members" tab

• Azure will show users who match the rule