Learn how dynamic group membership works in Azure AD based on user attributes like city. Understand how the -contains and -match operators affect group membership.
Table of Contents
Question
What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.
Scenario: Contoso.com contains the users shown in the following table.
| Name | City | Role |
|---|---|---|
| User1 | Montreal | Global administrator |
| User2 | MONTREAL | Security administrator |
| User3 | London | Privileged role administrator |
| User4 | Ontario | Application administrator |
| User5 | Seattle | Cloud application administrator |
| User6 | Seattle | User administrator |
| User7 | Sydney | Reports reader |
| User8 | Sydney | None |
Contoso.com contains the security groups shown in the following table.
| Name | Membership type | Dynamic membership rule |
|---|---|---|
| Group1 | Dynamic user | user.city -contains “ON” |
| Group2 | Dynamic user | user.city -match “on” |
NOTE: Each correct selection is worth one point.
Group1:
- No members
- Only User2
- Only User2 and User4
- User1, User2, User3, and User4
Group2:
- No members
- Only User3
- Only User1 and User3
- User1, User2, User3, and User4
Answer
Group1 membership: Only User2 and User4
Group2 membership: User1, User2, User3, and User4
Explanation
Group1 membership: Only User2 and User4
Explanation: The dynamic membership rule for Group1 uses the -contains operator, which matches exact substrings. The rule user.city -contains “ON” will include users whose city attribute contains the exact substring “ON”. This matches User2 (MONTREAL) and User4 (Ontario).
Group2 membership: User1, User2, User3, and User4
Explanation: The dynamic membership rule for Group2 uses the -match operator, which does a case-insensitive match. The rule user.city -match “on” will include any users whose city attribute contains “on”, regardless of case. This matches:
- User1 (Montreal)
- User2 (MONTREAL)
- User3 (London)
- User4 (Ontario)
In summary:
- The -contains operator does an exact, case-sensitive substring match
- The -match operator does a case-insensitive substring match
- This results in Group1 containing User2 and User4, while Group2 contains User1, User2, User3, and User4 based on their city attributes.
Microsoft AZ-500 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft AZ-500 exam and earn Microsoft AZ-500 certification.