Did you ever want to act on a change in group membership in Azure AD, for example, when a user is added to or removed from a specific group? I have found an easy way to do this with the use of Power Automate. You can use this for a lot of use-cases.
What do we need?
For this solution, we use the Office 365 Groups connector in Power Automate that holds the trigger: ‘When a group member is added or removed‘. Now despite the connector being called Office 365 Groups (which should be renamed anyway), this will work with both Microsoft 365 groups and security groups in Azure AD. All we need is the ObjectId of the group. So this will be the trigger for our flow.
Now, this feature is not documented very well, so to determine whether a user is added or removed we have to use an expression. The reason for this is the limited response when a user is added.
So we are swooping in a condition and use the following expression:
empty(triggerBody()?['@removed']?['reason'])
When the result is true, the user is added, when the result is false, the user is deleted from the group.
We also want to grab some details about the user and group, so that we can use that in our further steps. The flow will look like this:
Now, in this case, we are sending an email to the affected user, but this can also be a chat message via Teams for example.
Download the example from Github
More info on the connector: Office 365 Groups – Connectors | Microsoft Docs
Thank you Jan, this is excellent and very useful!
This saved my day. Thank you!
thanks alot of information goodjob
So helpful!
Hey Jan, this is awesome! Do you know if it’s possible to use this for devices being added to a security group, as opposed to users?
Good question, I don’t know the exact answer, but I assume it would be triggered when any supported object is added to the group.
Is there a way of getting and then adding the person that made the change to the email content?
Bedankt Jan, hier was ik naar op zoek.
Dear All,
Want to pick “all” your brains around the “When a group member is added or removed”.
I have scenario where I have 30+ Security Groups to monitor and if a member is added to one the groups it should trigger the flow. With the current Trigger I would have to replicate my flow 30+ times which is a bit “cumbersome”.
Would be awesome if there would be a way to have the trigger being trigger if Group ID is part of a list of Group ID’s.
Any thoughts Jan or anyone else?
Sure thing.
You can use subscriptions for that.
Check https://learn.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-beta
You’ll need automation (Logic Apps) to create and refresh the subscriptions for groups, and a another endpoint to act as notificationUrl
Hi, the “when group member is added” connector does not show up in my list of Office 365 Group Connectors. Could this connector have been removed?
Sorry I was looking under “actions” and not “triggers” Nevermind