
Act on group membership changes in Azure Active Directory

Did you ever want to act on a change in group membership in Azure AD, for example, when a user is added to or removed from a specific group? I have found an easy way to do this with the use of Power Automate. You can use this for a lot of use-cases.

What do we need?

For this solution, we use the Office 365 Groups connector in Power Automate, which provides the trigger ‘When a group member is added or removed’. Despite the connector being called Office 365 Groups (which should be renamed anyway), this works with both Microsoft 365 groups and security groups in Azure AD. All we need is the ObjectId of the group. This will be the trigger for our flow.

Now, this feature is not documented very well, so to determine whether a user is added or removed we have to use an expression. The reason for this is the limited response when a user is added.

So we add a condition that uses the following expression:

empty(triggerBody()?['@removed']?['reason'])

When the result is true, the user was added; when the result is false, the user was removed from the group.
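To make the condition's behaviour concrete, here is an added example (not part of the original flow or the connector) that models the expression in Python and runs it over constructed trigger bodies. The `id` field, the `deleted` reason value and the stricter `classify` helper are assumptions for illustration; only `@removed` and `reason` come from the expression above.

```python
# Added example: Python model of the flow condition
#   empty(triggerBody()?['@removed']?['reason'])
# Payload shapes below are constructed, not captured connector output.

def safe_get(obj, key):
    """Model of the ?['key'] operator: null instead of an error when missing."""
    return obj.get(key) if isinstance(obj, dict) else None

def is_empty(value):
    """Model of empty(): true for null, empty string, array or object."""
    return value is None or (isinstance(value, (str, list, dict)) and len(value) == 0)

def flow_condition(trigger_body):
    """The page's expression: True means 'added', False means 'removed'."""
    return is_empty(safe_get(safe_get(trigger_body, "@removed"), "reason"))

def classify(trigger_body):
    """Hypothetical stricter variant: report 'unknown' instead of guessing."""
    if is_empty(safe_get(trigger_body, "id")):
        return "unknown"  # no member id (assumed field name) to act on
    if "@removed" not in trigger_body:
        return "added"
    if flow_condition(trigger_body):
        return "unknown"  # removal marker present but no reason given
    return "removed"

# Constructed sample trigger bodies (object ids are placeholders).
SAMPLES = [
    {"id": "00000000-0000-0000-0000-000000000001"},
    {"id": "00000000-0000-0000-0000-000000000002", "@removed": {"reason": "deleted"}},
    {"id": "00000000-0000-0000-0000-000000000003", "@removed": {}},
    {},
]

def summarize(samples):
    """Return (flow condition result, strict label) for each trigger body."""
    return [(flow_condition(s), classify(s)) for s in samples]

if __name__ == "__main__":
    for body, (cond, label) in zip(SAMPLES, summarize(SAMPLES)):
        print(body.get("id", "<no id>"), "condition:", cond, "strict:", label)
```

The last two samples show that the condition evaluates to true for any body without a non-empty `reason`, so a flow that alerts on changes to a sensitive group may want an explicit branch for bodies it cannot classify.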

We also want to grab some details about the user and group, so that we can use that in our further steps. The flow will look like this:

Now, in this case, we are sending an email to the affected user, but this can also be a chat message via Teams for example.

Download the example from GitHub

More info on the connector: Office 365 Groups – Connectors | Microsoft Docs

8 thoughts on “Act on group membership changes in Azure Active Directory”

  1. Hey Jan, this is awesome! Do you know if it’s possible to use this for devices being added to a security group, as opposed to users?

    1. Good question, I don’t know the exact answer, but I assume it would be triggered when any supported object is added to the group.
