Merge pull request #200399 from curtand/dahl0603

PRMerger15 · web-flow · commit 8e14289f3eed · 2022-06-03T09:11:19.000-07:00
[Azure AD groups] memberOf added to tables
diff --git a/articles/active-directory/enterprise-users/groups-dynamic-membership.md b/articles/active-directory/enterprise-users/groups-dynamic-membership.md
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: enterprise-users
 ms.workload: identity
 ms.topic: overview
-ms.date: 06/02/2022
+ms.date: 06/03/2022
 ms.author: curtand
 ms.reviewer: krbain
 ms.custom: it-pro
@@ -81,10 +81,10 @@ The following are the user properties that you can use to create a single expres
 
 ### Properties of type boolean
 
-| Properties | Allowed values | Usage |
-| --- | --- | --- |
-| accountEnabled |true false |user.accountEnabled -eq true |
-| dirSyncEnabled |true false |user.dirSyncEnabled -eq true |
+Properties | Allowed values | Usage
+--- | --- | ---
+accountEnabled |true false |user.accountEnabled -eq true
+dirSyncEnabled |true false |user.dirSyncEnabled -eq true
 
 ### Properties of type string
 
@@ -101,6 +101,7 @@ The following are the user properties that you can use to create a single expres
 | jobTitle |Any string value or *null* |(user.jobTitle -eq "value") |
 | mail |Any string value or *null* (SMTP address of the user) |(user.mail -eq "value") |
 | mailNickName |Any string value (mail alias of the user) |(user.mailNickName -eq "value") |
+| memberOf | Any string value (valid group object ID) | (device.memberof -any (group.objectId -in ['value'])) |
 | mobile |Any string value or *null* |(user.mobile -eq "value") |
 | objectId |GUID of the user object |(user.objectId -eq "11111111-1111-1111-1111-111111111111") |
 | onPremisesDistinguishedName (preview)| Any string value or *null* |(user.onPremisesDistinguishedName -eq "value") |
@@ -393,12 +394,13 @@ The following device attributes can be used.
  enrollmentProfileName | Apple Device Enrollment Profile name, Android Enterprise Corporate-owned dedicated device Enrollment Profile name, or Windows Autopilot profile name | (device.enrollmentProfileName -eq "DEP iPhones")
  isRooted | true false | (device.isRooted -eq true)
  managementType | MDM (for mobile devices) | (device.managementType -eq "MDM")
+ memberOf | Any string value (valid group object ID) | (user.memberof -any (group.objectId -in ['value'])) 
  deviceId | a valid Azure AD device ID | (device.deviceId -eq "d4fe7726-5966-431c-b3b8-cddc8fdb717d")
  objectId | a valid Azure AD object ID |  (device.objectId -eq "76ad43c9-32c5-45e8-a272-7b58b58f596d")
  devicePhysicalIds | any string value used by Autopilot, such as all Autopilot devices, OrderID, or PurchaseOrderID  | (device.devicePhysicalIDs -any _ -contains "[ZTDId]") (device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881") (device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")
  systemLabels | any string matching the Intune device property for tagging Modern Workplace devices | (device.systemLabels -contains "M365Managed")
 
-> [!Note]  
+> [!NOTE]
 > For the deviceOwnership when creating Dynamic Groups for devices you need to set the value equal to "Company". On Intune the device ownership is represented instead as Corporate. Refer to [OwnerTypes](/intune/reports-ref-devices#ownertypes) for more details. 
 
 ## Next steps
