1. Go to Azure Ad https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview
  2. Groups 
  3. New Group 
  4. A screenshot of a computer Description automatically generatedMake sure the Group Type is Security (if you choose 365 group a Teams, Sharepoint, Distribution group will be created. )
    1. Under Group name use the following naming convention SG-*Service*-*Description* (for general use leave service blank) 
      1. SG-Ross (General use group for all users in Ross office)
      2. SG-Intune-WallpaperExemption (Group for users to be exempt from an Intune policy) 
  5. Change Membership type to Dynamic User A screenshot of a computer Description automatically generated with medium confidence
  6. Click Add Dynamic Query
  7. Fill in the criteria wanted for the group
    1. A screenshot of a computer Description automatically generated with medium confidenceThe first line should always be AccountEnabled Equals True so that no disabled or blocked users are in it
  8. Once you think your rules are correct click “Validate Rules” 
    1. A screenshot of a computer Description automatically generated with medium confidenceClick Add users then add a couple of users that should be in the group and a couple that should not. 
    2. Once you are happy that it is working as should be click save
  9. Click create wait for 5-10 mins the check the group has the correct people inside it. A screenshot of a chat Description automatically generated with low confidence