...
You have a large User database but actually, you don’t need all of them.
You don’t want to synchronize inactive users.
You are using your user AD for multiple departments or countries and you would like to specify which of them needs to be synchronized.
There are 4 types of groups and you are interested in only the ones for Office 365.
You would like to import only the users owning a specific Microsoft License.
… you may have many more reasons to filter the data from your Azure AD.
...
Type | Description | Filter |
|---|---|---|
User Filter | Import only the active users. | accountEnabled eq true |
User Filter | Import the users based in London city. | city eq 'London' |
User Filter | Import users in a country. | country eq 'Ecuador' |
User Filter | Import users of two countries. | country eq 'Ecuador' or country eq 'India' |
User Filter | Import users of multiple countries. | country in ('Ecuador', 'India', 'Germany') |
User Filter | Import users which are having userType as Member | userType eq 'Member' |
User Filter | Import active users which are having userType as Member | accountEnabled eq true and userType eq 'Member' |
User Filter | Import only Engineering department | department eq 'Engineering' |
User Filter | Filter the users who are in Engineering department and also User Type is 'Member” | userType eq 'Member' and department eq 'Engineering' |
User Filter | Import users having the usage location as Japan or Great Britain. | usageLocation in ('JP','GB') |
User Filter | Import only the users having a specific license assigned. Here, skuId is the license identifier. | assignedLicenses/any(s:s/skuId eq c42b9cae-ea4f-4ab7-9717-81576235ccac) |
Group Filter | Import only Microsoft 365 groups (aka unified groups) | groupTypes/any(c:c+eq+'Unified') |
Group Filter | Import the groups having a name starting with “team”. | startswith(displayName, 'team') |
NoteNotes:
When using the in operator, the request is limited to 15 expressions in the filter clause. More information.
Microsoft Graph API does not allow filtering the Licenses themselves. But you can filter the users according to their licenses as shown in the table above.
In case you get an warning message for the groups filter it may be a permission issue. Please review the note regarding the permission scopes on the source configuration page.
Each filter works for the specified data set. For example:
When a filter is applied for Users → Filtered Users are imported.
When a filter is applied for Groups → Filtered Groups are imported.
It is not possible to apply a filter to import the intersection area of Filtered Users and Filtered Groups as shown in the diagram below.
| Drawio | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Important Note: It is not possible to filter according to all the attributes or use all the filter operators. The Microsoft Graph API has some limitations for the filters. For example, not all properties support the filter feature. Since we are using the API with the expand option, advanced filtering is not supported. This means functions like “endsWith” are not supported. In summary, the following examples will not work with the filters due to the limitations of Microsoft Graph API. More information.
...