Filter

There may be some cases where you would like to filter the Entra ID (Azure AD) records for Users, Groups, or Devices. Some example cases can be listed as follows:

  • You have an extensive User database, but actually, you don’t need all of them.

  • You don’t want to synchronize inactive users.

  • You are using your user directory for multiple departments or countries and you would like to specify which of them needs to be synchronized.

  • There are four types of groups, and you are interested in only the ones for Office 365.

  • You would like to import only users who own a specific Microsoft License.

  • … you may have many more reasons to filter the data from your Entra ID (Azure AD).

 

Now you can add filters for Users, Groups, and Devices under the Admin tab.


The filters need to be formatted according to Microsoft Graph API requirements. You may find some examples below. Please refer to Microsoft Graph API documentation for more details.

| Type | Description | Filter |
|---|---|---|
| User Filter | Import only the active users. | accountEnabled eq true |
| User Filter | Import the users based in London. | city eq 'London' |
| User Filter | Import users in a country. | country eq 'Ecuador' |
| User Filter | Import users from two countries. | country eq 'Ecuador' or country eq 'India' |
| User Filter | Import users from multiple countries. | country in ('Ecuador', 'India', 'Germany') |
| User Filter | Import users who have userType as Member. | userType eq 'Member' |
| User Filter | Import active users who have userType as Member. | accountEnabled eq true and userType eq 'Member' |
| User Filter | Import only the Engineering department. | department eq 'Engineering' |
| User Filter | Import users who are in the Engineering department and whose user type is 'Member'. | userType eq 'Member' and department eq 'Engineering' |
| User Filter | Import users with a usage location of Japan or Great Britain. | usageLocation in ('JP','GB') |
| User Filter | Import only the users having a specific license assigned. Here, skuId is the license identifier. | assignedLicenses/any(s:s/skuId eq c42b9cae-ea4f-4ab7-9717-81576235ccac) |
| Group Filter | Import only Microsoft 365 groups (aka unified groups). | groupTypes/any(c:c+eq+'Unified') |
| Group Filter | Import the groups whose names start with “team”. | startswith(displayName, 'team') |
| Device Filter | Import the devices whose names start with “a”. | startswith(displayName, 'a') |
| Device Filter | Import the devices having a specific operating system, e.g. Android. | operatingSystem eq 'Android' |
| Device Filter | Import the devices having a specific operating system version, e.g. 15. | operatingSystemVersion eq '15' |

Notes:

  • When using the in operator, the filter clause is limited to 15 expressions. More information.

  • Microsoft Graph API does not allow filtering the Licenses themselves. But you can filter users by license, as shown in the table above.

  • If you get a warning message about the groups filter, it may be a permission issue. Please review the note regarding the permission scopes on the source configuration page.

  • Each filter works for the specified data set. For example:

    • When a filter is applied for Users → Filtered Users are imported.

    • When a filter is applied for Groups → Filtered Groups are imported.

    • When a filter is applied for Devices → Filtered Devices are imported.

  • It is now also possible to apply a filter to import the intersection of Filtered Users and Filtered Groups, as shown in the diagram below. Please review the documentation below: Users in specific Groups (Experimental)

 

 

 

Important Note: The Microsoft Graph API has limitations on filter support. For example, not all properties support the filter feature. Since we are using the API with the expand option, advanced filtering is not supported.

Only the properties that the Microsoft documentation marks with the following legend entry will work: "The $filter operator works by default for that property."

Please refer to the Legend section of the Microsoft documentation for more details:

https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http#legend

This means functions like “endsWith” are not supported. In summary, the following examples will not work with the filters due to the limitations of the Microsoft Graph API. More information.

 

| Description | Filter |
|---|---|
| Only the users having the organization's email address. | endsWith(mail,'@organization.com') |
| Users having an email address. | NOT(mail eq null) |
| Another way to filter users by email address. | mail ne null |
| Import only if the users have a company name that is not Microsoft. | companyName ne null and NOT(companyName eq 'Microsoft') |
| Do not import users starting with 'Conf'. | NOT startsWith(displayName, 'Conf') |
| Do not import the users having user type as Guest. | not(userType in ('Guest')) |
| Import the users in Latium Office location. | officeLocation eq 'Latium Office' |
| Only the users who are members of a specific group. | N/A |
| Only the Devices having a specific extension attribute value. | extensionAttribute1 eq 'BYOD-Device' |
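
A filter can be checked against the limits described on this page before it is saved, so that an unsupported expression is caught before a synchronization runs with it. The following is an added example, not part of the product or of Microsoft Graph; the function name `lint_filter` and the rule sets are assumptions built only from the tables and notes above.

```python
import re

# Limits as stated on this page (not a complete Microsoft Graph grammar).
MAX_IN_EXPRESSIONS = 15
UNSUPPORTED_KEYWORDS = {"endswith", "not", "ne"}        # need advanced queries
UNSUPPORTED_PROPERTIES = {"officelocation", "extensionattribute1"}

# OData string literal; a doubled '' inside the literal is an escaped quote.
_LITERAL = re.compile(r"'(?:[^']|'')*'")


def lint_filter(expr):
    """Return the problems found in a filter expression (empty list = none)."""
    problems = []
    if expr.count("'") % 2:
        problems.append("unbalanced single quote")
    # Blank out literal contents so a value such as 'Not Set' is not read as
    # an operator, while the items of an in (...) list can still be counted.
    bare = _LITERAL.sub("''", expr)
    if bare.count("(") != bare.count(")"):
        problems.append("unbalanced parentheses")
    for word in re.findall(r"\b[A-Za-z_]\w*", bare):
        low = word.lower()
        if low in UNSUPPORTED_KEYWORDS:
            msg = f"'{word}' is not supported without advanced queries"
        elif low in UNSUPPORTED_PROPERTIES:
            msg = f"property '{word}' is listed as not filterable"
        else:
            continue
        if msg not in problems:
            problems.append(msg)
    for items in re.findall(r"\bin\s*\(([^()]*)\)", bare, flags=re.IGNORECASE):
        count = sum(1 for item in items.split(",") if item.strip())
        if count > MAX_IN_EXPRESSIONS:
            problems.append(
                f"in list has {count} expressions, limit is {MAX_IN_EXPRESSIONS}")
    return problems


if __name__ == "__main__":
    # Filters copied from the tables on this page, plus one constructed value.
    for sample in ("accountEnabled eq true and userType eq 'Member'",
                   "endsWith(mail,'@organization.com')",
                   "department eq 'Not Set'"):          # constructed
        print(sample, "->", lint_filter(sample) or "ok")
```

An empty result only means that none of the limits listed on this page were hit; the Microsoft Graph legend remains the reference for which properties support `$filter` by default.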