Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

There may be some cases where you would like to filter the Azure AD records for Users and Groups. Some example cases can be listed as follows:

  • You have a large User database but actually, you don’t need all of them.

  • You don’t want to synchronize inactive users.

  • You are using your user AD for multiple departments or companies, countries and you would like to specify which of them needs to be synchronized.

  • You have a new naming convention for Azure AD groups and you want to sync only the new and nicely organized groupsThere are 4 types of groups and you are interested in only the ones for Office 365.

  • You would like to import only the users owning a specific Microsoft License.

  • … you may have many more reasons to filter the data from your Azure AD.

...

Now, you have the chance to add a filter for your Users and Groups under the Admin tab.

Image Removed
Image Added

The filters need to be formatted according to Microsoft Graph API requirements. You may find some examples below. Please refer to Microsoft Graph API documentation for more details.

Type

Description

Filter

User Filter

Import only the active users.

accountEnabled eq true

User Filter

Import the users based in London city.

city eq 'London'

User Filter

Import users in a country.

country eq 'Ecuador'

User Filter

Import users of two countries.

country eq 'Ecuador' or country eq 'India'

User Filter

Import users of multiple countries.

country in ('Ecuador', 'India', 'Germany')

User Filter

Import users which are having userType as Member

userType eq 'Member'

User Filter

Import active users which are having userType as Member

accountEnabled eq true and userType eq 'Member'

User Filter

Import only Engineering department

department eq 'Engineering'

User Filter

Filter the users who are in Engineering department and also User Type is 'Member”

userType eq 'Member' and department eq 'Engineering'

User Filter

Import users having the usage location as Japan or Great Britain.

Filter Name

Filter

To list

usageLocation in ('JP','GB')

User Filter

Import only the users having a specific license assigned. Here, skuId is the license identifier.

assignedLicenses/any(s:s/skuId eq c42b9cae-ea4f-4ab7-9717-81576235ccac)

Group Filter

Import only Microsoft 365 groups (aka unified groups)

, apply a filter on groupTypes:

Group

Group

groupTypes/any(c:c+eq+'Unified')

Only import Groups starting with “corp”.

Group Filter

Import the groups having a name starting with “team”.

startswith(displayName, '

corp

team')

Only the active users.

Users

accountEnabled eq true

Notes:

  • When using the in operator, the request is limited to 15 expressions in the filter clause. More information.

  • Microsoft Graph API does not allow filtering the Licenses themselves. But you can filter the users according to their licenses as shown in the table above.

  • In case you get an warning message for the groups filter it may be a permission issue. Please review the note regarding the permission scopes on the source configuration page.

  • Each filter works for the specified data set. For example:

    • When a filter is applied for Users → Filtered Users are imported.

    • When a filter is applied for Groups → Filtered Groups are imported.

    • It is not possible to apply a filter to import the intersection area of Filtered Users and Filtered Groups as shown in the diagram below.

Drawio
mVer2
zoom1
simple0
inComment0
custContentId49840129
pageId36929537
lbox1
diagramDisplayNameUntitled Diagram-1697638874147.drawio
contentVer1
revision1
baseUrlhttps://piosoftware.atlassian.net/wiki
diagramNameUntitled Diagram-1697638874147.drawio
pCenter0
width1031
links
tbstyle
height880

Important Note: Microsoft Graph API has some limitations for the filters. For example, not all properties support the filter feature. Since we are using the API with the expand option, advanced filtering is not supported. This means functions like “endsWith” are not supported. In summary, the following examples will not work with the filters due to the limitations of Microsoft Graph API. More information.

Description

Filter

Only the users having the organization's email address.

Users

endsWith(mail,'@organization.com')

Users having an email address.

NOT(mail eq null)

Another way to filter users having an email address.

mail ne null

Import only if the users have a company name that is not Microsoft.

Users

companyName ne null and NOT(companyName eq 'Microsoft')

Do not import the users starting with Conf.

Users

NOT startsWith(displayName, 'Conf')

Do not import the users having user type as Guest

not(userType in ('Guest'))

Import the users in Latium Office location.

officeLocation eq 'Latium Office'

Only the users who are members of a specific group.

N/A

Note

Filtering groups is only available when “Full Throttle” feature is enabled. For more information refer to import configuration page.