Creating a dynamic membership rule to add users active in the last 30 days

Question

Within Entra ID, you can manually export a list that shows users with activity within the last 30 days via the "Last interactive sign-in time" filter.

To automate this process, I'm attempting to create a dynamic rule that will only include users that were active in the last 30 days.

Copilot provided the following response, but it doesn't work:

Any help is appreciated.

---

It looks like the lastSignInDateTime attribute isn’t supported for dynamic membership rules in Microsoft Entra ID. Let’s try a different approach to achieve your goal.

Instead of using lastSignInDateTime, you can use the signInActivity attribute, which is supported. Here’s how you can adjust your rule:

1. Check if the signInActivity attribute is available for your users. This attribute records the last sign-in date and time.
2. Use the signInActivity attribute in your rule:

(user.signInActivity.lastSignInDateTime -ge addDays(now(), -30)) 

If signInActivity is not available, you might need to use a different attribute or approach to filter users based on their activity. You can also refer to the Microsoft documentation on dynamic membership rules for more details on supported attributes and examples.

If you continue to face issues, please let me know the exact error message, and we can troubleshoot further!

Answer 1

Sign in is not a supported property:

https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#supported-properties

You would need to export the list or write a script to capture the users, then upload that list to the group on a scheduled basis