MSTeams – Dynamic membership

With dynamic membership rules for groups in Azure Active Directory, you can define who should be a member of an AAD group, and of a Team in Microsoft Teams, based on attributes such as office, country, department or other attributes that you set in Active Directory.

Dynamic membership is a feature that has been used for a long time in Exchange, and now you can use it in Microsoft Teams too. For each Team you create there will also be an AD group, which you can find in the Azure Portal. It is also from the Azure Portal that you change from assigned membership to dynamic.

You can create a new Team or Group or use an existing one. If you change an existing group from “Assigned membership” to “Dynamic membership” all existing members will be removed, so make sure that your search query works before changing a group.

License

When you set up dynamic membership for a group, each unique user that is hit by the search query needs an Azure AD Premium P1 license. So if you create a group that searches for all users with office “New York” and the search query finds 10 users, all 10 of those users must have an AAD Premium P1 license. Since you can’t assign a license to guests you invited to Teams, you don’t have to get licenses for them; instead you are allowed to use AAD Premium P1 features for 5 guests for each regular user with an AAD Premium P1 license.
So if you create a search query that finds 10 guest users, you need a minimum of 2 AAD Premium P1 licenses.

Add dynamic membership in Teams

You can do this with the Azure Portal or with PowerShell. This example shows how to change an existing Team to dynamic membership with the Azure Portal.
Start by signing in at https://portal.azure.com and select Azure Active Directory in the left menu.

Select Users in the menu and find a user that you want to be in the Team after you change the group membership to dynamic, and check that the attributes you want to search for are really synced for that user object. In this example I will create a dynamic group for all users with Office “Breaking Bad”.

Next select Groups and search for the Group with the same name as your Team. You should see that the group membership type is listed as Assigned, this will be changed now. Open the group by clicking on the group name.

In the group properties change Membership type from Assigned to Dynamic User.

The Azure portal will warn you that members might lose their existing membership, and you have to click Yes to confirm the change and continue.

Now the group is changed to a dynamic group and we can start creating our search query. Click Add dynamic query.

Start creating your query. If you want to create a more advanced query and search for multiple attributes, use Advanced rule; here we will use a Simple rule and just search for the office name. Save your search when you have added your query.

If you check the Overview for your group you will see that the status Membership last updated is still “In Progress”. Wait for a while and it will be updated, and you will see the new number of members.

When your group is updated you will see the date and time in the Membership last updated field.

Members will be added to your Team and you should see the same number of members as when you checked the group in the Azure portal. You will also get a notification that you can’t add or remove members; this should be more informative and say that the group membership is dynamic. It can take a couple of hours from when the group membership is updated in Azure AD until the change is reflected in Teams, so if your Team is not updated directly, wait some extra time and hopefully it will be updated.
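Because switching to dynamic membership removes all existing members, it helps to see who would lose and who would gain access before changing anything. The script below is an added example, not part of the original walkthrough, that reports this for the PowerShell route and only applies the change when `$apply` is set. It assumes the AzureADPreview module, a session opened with `Connect-AzureAD`, that the portal's Office field maps to `physicalDeliveryOfficeName`, and a hypothetical Team name; the local `-eq` comparison only approximates how Azure AD evaluates the rule.

```powershell
# Added example, not from the original post. Assumes the AzureADPreview module
# and a session opened with Connect-AzureAD. Reports only, unless $apply is $true.
$teamName = 'Sample Team'     # hypothetical Team/group display name
$office   = 'Breaking Bad'    # office value used in the walkthrough
$apply    = $false            # set to $true only after reviewing the report
$rule     = "(user.physicalDeliveryOfficeName -eq `"$office`")"

$group = @(Get-AzureADMSGroup -SearchString $teamName |
    Where-Object { $_.DisplayName -eq $teamName })
if ($group.Count -ne 1) { throw "Expected exactly one group named '$teamName'." }
$group = $group[0]

# Current assigned members, and the users the rule would select.
$current = @(Get-AzureADGroupMember -ObjectId $group.Id -All $true)
$matched = @(Get-AzureADUser -All $true |
    Where-Object { $_.PhysicalDeliveryOfficeName -eq $office })

$matchedIds = @($matched | ForEach-Object ObjectId)
$currentIds = @($current | ForEach-Object ObjectId)
$removed = @($current | Where-Object { $matchedIds -notcontains $_.ObjectId })
$added   = @($matched | Where-Object { $currentIds -notcontains $_.ObjectId })
$guests  = @($matched | Where-Object { $_.UserType -eq 'Guest' })

"Rule:                 $rule"
"Matched by the rule:  $($matched.Count) ($($guests.Count) guests)"
"Would lose access:    $($removed.Count)"
$removed | Select-Object DisplayName, UserPrincipalName | Format-Table
"Would gain access:    $($added.Count)"
$added | Select-Object DisplayName, UserPrincipalName | Format-Table

if ($matched.Count -eq 0) { throw 'Rule matches nobody; the Team would be emptied.' }

if ($apply) {
    # Keep the existing types (a Team's group is "Unified") and add the dynamic flag.
    $types = [System.Collections.Generic.List[string]]@($group.GroupTypes)
    if (-not $types.Contains('DynamicMembership')) { $types.Add('DynamicMembership') }
    Set-AzureADMSGroup -Id $group.Id -GroupTypes $types `
        -MembershipRule $rule -MembershipRuleProcessingState 'On'
}
```

The "would gain access" list deserves the same review as the removals, since anyone whose office attribute matches gets into the Team without an owner approving them.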

Linus Cansby

Consultant work at UClarity, based in Göteborg, Sweden. Been working with Exchange, LCS, OCS, Lync, Skype, Teams and related stuff for a while. Mostly writing tips and news after getting questions from customers.
