Conversation
Clarify that the `memberOf` attribute cannot be used with other rules and operators, and add details about processing time and membership updates.
|
@Yebbenbe : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit e75bc4e: ✅ Validation status: passed
For more details, please refer to the build report. |
There was a problem hiding this comment.
Pull request overview
This PR updates Microsoft Learn documentation to clarify limitations of using the memberOf attribute in dynamic group rules, including constraints around operators and membership processing behavior.
Changes:
- Clarifies that
memberOfcan’t be combined with other dynamic membership rules. - Adds a new limitation describing constraints on changing operators in the preview query.
- Retains/extends guidance about processing time impacts and membership update behavior.
| - When you add members of security groups to `memberOf` dynamic membership groups, only direct members of the security group become members of the dynamic group. | ||
| - You can't use one `memberOf` dynamic group to define the membership of another `memberOf` dynamic group. For example, Dynamic Group A, with members of group B and C in it, can't be a member of Dynamic Group D. | ||
| - The `memberOf` attribute can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail. | ||
| - The `memberOf` attribute can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail. |
There was a problem hiding this comment.
Line has a trailing whitespace at the end of the sentence; please remove it to avoid markdown lint/formatting noise in future diffs.
| - The `memberOf` attribute can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail. | ||
| - The dynamic group rule builder and validate feature can't be used for `memberOf` at this time. | ||
| - The `memberOf` attribute can't be used with other operators. For example, you can't create a rule that states "Members Of group A can't be in Dynamic group B." | ||
| - The operators given in the 'approved' preview query cannot be changed. That is, you cannot create a query for 'not members of X', via wrapping in -not or changing the existing operators (for example, the -in to -notIn) |
There was a problem hiding this comment.
This new limitation is hard to interpret because "approved preview query" isn’t defined elsewhere in the article, and the operators/examples aren’t formatted consistently. Consider rephrasing to remove the unexplained quoted term, use contractions consistent with the surrounding bullets ("can’t"), and format operators as code (for example, -not, -in, -notIn) with a clear example sentence ending in a period.
|
Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
Clarify that the
memberOfattribute cannot be used with other rules and operators, and add details about processing time and membership updates.