This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 61%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
What fields can I use in a dynamic membership rule for dynamic group membership to exclude membership from those who have not changed their password in over six months? Or to exclude those who have not logged on in over 4 months?
I can write the queries but I don't know the field names I need.
Looks like I need an answer from a human.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 51%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Hi @Patrick Johnson
Thank you for posting your issue on Microsoft Q&A.
I understand that you are trying to create dynamic membership rules in Azure Active Directory for excluding users based on password change or login activity.
You cannot create such dynamic group for excluding users based on password change or login activity, as the corresponding property is not supported for dynamic membership queries.
Kindly refer the article that lists the currently supported properties: https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#supported-properties
You can use a different property or create an assigned membership group and update it periodically.
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click `Accept Answer` and `Yes`.
Thanks,
B. Siri Chandana.
It answered my question. So I will probably need to use both a different property and an assigned membership group that is updated periodically.
Sorry, I can't help with this. Please try again or share your feedback.