· 4 min read

Power of Audience Targeting with Dynamic Groups in SPO

Audience targeting is a great way to show web parts and content based on their member to specific security groups in Azure Active Directory. This post will look at the newest feature in SharePoint Online that allows the use of Dynamic Security Groups.

Audience targeting is a great way to show web parts and content based on their member to specific security groups in Azure Active Directory. This post will look at the newest feature in SharePoint Online that allows the use of Dynamic Security Groups.

Audience targeting is a great way to show web parts and content based on their member to specific security groups in Azure Active Directory. This post will look at the newest feature in SharePoint Online that allows the use of Dynamic Security Groups.

The scenario

Lets say you have a Modern Intranet and you want to show certain resources to groups of people, for example, those in a department, country, office. Audience targeting is a great way to do this, please understand this is not permissions applied to pages, this only a way to show relevant content, using this feature will still mean that all users will see all the pages.

Audience targeting - how it works with pages

However, this requires you setup security groups in Azure Active Directory then assign users to each group, so if you have a large number of users then you would need to manually manage the membership of the groups - This is where the power of Dynamic Groups in combination with audience to automate this process and select users based on a formula using metadata on the user profile.

Of course, the assumption here is that your active directory data is in a good state, e.g. the user profile fields are populated.

To use Dynamic Groups, users will require a Azure Active Directory Premium 1 or 2 license.

What about a script to provision dynamic groups?

The following script will demonstrate creating creating dynamic groups using the PowerShell module Install-AzureADPreview, currently creating dynamic groups using New-AzureADMSGroup cmdlet is a preview feature within the module. You MUST uninstall AzureAD module, if you have that installed.

Note: this is a PowerShell 5 only module ☹️

For this example, lets use department as an example.

Azure AD - Example set of users

The formula for the dynamic group would look like this:


(user.department eq "IT")

To see full reference check out: Supported Properties - Dynamic membership rules for groups in Azure Active Directory


# Use Parameter splatting for all the common parameters
$commonParameters = @{
    MailNickname = "group"
    MailEnabled  = $False
    SecurityEnabled = $True
    GroupTypes = "DynamicMembership"
    MembershipRuleProcessingState = "On"
    Description = "Dynamic group created for departments in Intranet"
}

Connect-AzureAD

New-AzureADMSGroup @commonParameters -DisplayName "Intranet IT Users" -MembershipRule '(user.department -eq "IT")' 
New-AzureADMSGroup @commonParameters -DisplayName "Intranet HR Users" -MembershipRule '(user.department -eq "HR")' 

The script will generate the following groups: Azure AD - Groups created

It’s worth noting that the processing time of the groups may take a little while, so please be patient. Unfortunately, there is no documented timeframe that I can see in the documentation.

Azure AD - Groups processed

I recommend prefixing and have a clear naming convention the groups to make it easier to identify and their purpose, especially considering IT are likely the team that would need to manage or own these groups, a naming convention can make it easier to search in Active Directory.

Where can I use this?

Audience targeting is supported in the following locations:

  • Modern Pages - this is enabled on the library itself and audiences can be assigned to pages.
  • Navigation - enable this on the navigation and audiences can be assigned to navigation links, but for only 10 audiences per link.
  • Events - enable this on the events and audiences can be assigned to events.
  • Web Parts that can consume audience targeted content:
    • Highlighted Content Web Part
    • News Web Part
    • Events Web Part
    • Quick Links Web Part

If you are implementing a Viva Connections Dashboard, you can target cards to show to specific features - additionally, there is a really cool feature that allows you to preview cards for specific audiences, which IMHO should be an option for pages too.

Example of using dynamic groups

The resources


Enjoy!

Back to Blog