SCIM Provisioning Group

Wizer allows you to provision all users utilizing System for Cross-domain Identity Management (SCIM). If you already have an all-users group can assign that group during the SCIM provisioning process found here: Azure SCIM - Automatic User Provisioning (wizer-training.com) or if you need a new group, you can follow the rules below to create a dynamic security group for all licensed users with an exchange mailbox.

Process

  1. Navigate to Microsoft Entra admin center

  2. Select groups → All groups

  3. Select New group

  4. Create the new group

    1. Group type: Security

    2. Group name: Provide a name

    3. Group description: Users for Wizer SCIM Provisioning

    4. Microsoft Entra roles… No

    5. Membership type: Dynamic User

    6. Select Edit dynamic query

      1. Select Edit on the right side and paste the Dynamic query below.

      2. Save

        image-20240207-152312.png
    7. Finally select Create to create the group.

Dynamic Query

(user.assignedPlans -any (assignedPlan.servicePlanId -eq "9aaf7827-d63c-4b61-89c3-182f06f82e5c" -and assignedPlan.capabilityStatus -eq "Enabled")) or (user.assignedPlans -any (assignedPlan.servicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0" -and assignedPlan.capabilityStatus -eq "Enabled")) or (user.assignedPlans -any (assignedPlan.servicePlanId -eq "4a82b400-a79f-41a4-b4e2-e94f5787b113" -and assignedPlan.capabilityStatus -eq "Enabled"))

 

This group can now be used when following the Azure SCIM - Automatic User Provisioning steps listed by Wizer so it only pulls users that are licensed with an assigned exchange mailbox.