Did you ever want to act on a change in group membership in Azure AD, for example, when a user is added to or removed from a specific group? I have found an easy way to do this using Power Automate. You can use this for a lot of use cases.
What do we need?
For this solution, we use the Office 365 Groups connector in Power Automate, which provides the trigger ‘When a group member is added or removed’. Despite the connector being called Office 365 Groups (which should be renamed anyway), this works with both Microsoft 365 groups and security groups in Azure AD. All we need is the ObjectId of the group. This will be the trigger for our flow.

Now, this feature is not documented very well, so to determine whether a user is added or removed we have to use an expression. The reason for this is the limited response when a user is added.
So we add a condition and use the following expression:
empty(triggerBody()?['@removed']?['reason'])
When the result is true, the user was added; when the result is false, the user was removed from the group.
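
The condition above can be reproduced outside Power Automate to see how it behaves on edge cases. The following Python is an added example, not part of the original post or the connector; the payload shape, the helper names and the stricter `classify_strict` variant are assumptions.

```python
# Added example: mirrors the flow's condition so it can be tested offline.
# The payload shape is an assumption: a member "id", plus an "@removed"
# object with a "reason" only when the member was removed.

def safe_get(obj, key):
    """Mimic ?['key']: yield None instead of failing when the parent is missing."""
    return obj.get(key) if isinstance(obj, dict) else None

def is_empty(value):
    """Mimic empty(): true for null, or a zero-length string, array or object."""
    return value is None or (isinstance(value, (str, list, dict)) and len(value) == 0)

def classify(body):
    """Same test as the condition: empty(triggerBody()?['@removed']?['reason'])."""
    reason = safe_get(safe_get(body, "@removed"), "reason")
    return "added" if is_empty(reason) else "removed"

def classify_strict(body):
    """Hypothetical stricter variant: any '@removed' marker counts as a removal."""
    return "removed" if isinstance(body, dict) and "@removed" in body else "added"

def audit_lines(group_id, events):
    """One line per event; flags events where the two checks disagree."""
    lines = []
    for body in events:
        change, strict = classify(body), classify_strict(body)
        note = "" if change == strict else " (ambiguous: '@removed' without reason)"
        lines.append(f"group={group_id} member={safe_get(body, 'id')} change={change}{note}")
    return lines

# Constructed sample events; the ids are placeholders, not real object ids.
GROUP_ID = "00000000-0000-0000-0000-0000000000aa"
SAMPLE_EVENTS = [
    {"id": "11111111-1111-1111-1111-111111111111"},
    {"id": "22222222-2222-2222-2222-222222222222", "@removed": {"reason": "deleted"}},
    {"id": "33333333-3333-3333-3333-333333333333", "@removed": {}},
]

if __name__ == "__main__":
    for line in audit_lines(GROUP_ID, SAMPLE_EVENTS):
        print(line)
```

The third sample shows the one case where the expression reports "added" even though a removal marker is present, which matters if the flow drives access notifications for a sensitive group.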

We also want to grab some details about the user and group, so that we can use that in our further steps. The flow will look like this:

Now, in this case, we are sending an email to the affected user, but this can also be a chat message via Teams for example.
Download the example from GitHub
More info on the connector: Office 365 Groups – Connectors | Microsoft Docs
Thank you Jan, this is excellent and very useful!
This saved my day. Thank you!
Thanks a lot for the information, good job.
So helpful!
Hey Jan, this is awesome! Do you know if it’s possible to use this for devices being added to a security group, as opposed to users?
Good question, I don’t know the exact answer, but I assume it would be triggered when any supported object is added to the group.
Is there a way of getting and then adding the person that made the change to the email content?
Thanks Jan, this is what I was looking for.