Microsoft’s new -le and -ge operators for dynamic group management based on hire dates

Microsoft has recently added the less than or equal (-le) and greater than or equal (-ge) operators to filter users based on their employee hire date attribute (EmployeeHireDate) for dynamic groups. Let’s take a detailed look at Microsoft’s new -le and -ge operators for dynamic group management based on hire dates.

This is a helpful new feature because it lets organizations create dynamic groups for onboarding purposes: for example, to send a welcome message to all employees who will start next month, or to grant access to a SharePoint site specifically meant to give information to new employees. But how does it work, and what limitations does it have?

How can you use them?

There are two ways to make use of the -le and -ge operators. The first is based on a fixed date. For example, if you want all new employees that started in 2023, you can use the following rule syntax:

(user.employeeHireDate -ge 2023-01-01T00:00:00Z) and (user.employeeHireDate -le 2023-12-31T23:59:59Z)

This adds all users that have their employee hire date set to a date in 2023.

The second option is to filter based on the current date. For example, if you want to send an email daily to all users who will start tomorrow, you can use the following dynamic group rule syntax:

(user.employeeHireDate -ge system.now) and (user.employeeHireDate -le system.now -plus p1d)

The group then contains the users whose hire date falls within the next day.

The nice trick here is that ‘system.now’ means the date and time at the server’s end, not the local date and time you get from the Get-Date cmdlet in PowerShell. Therefore, it can be used in rules for dynamic groups.

The ‘p1d’ stands for ‘plus one day’. In combination with the -plus or -minus operators, you can build flexible dynamic rules based on business requirements.

The limitation here is that Entra ID only seems to accept p1d and not p1w (plus one week) or p1y (plus one year) or other variants.
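
Because a group like this is typically used to grant access, it helps to see who a rule would match before Entra ID starts populating it. The following is an added example, not part of the original article: it previews the fixed-date rule above with the Microsoft Graph PowerShell module and then creates the group with rule processing paused. The group name and mail nickname are constructed placeholders, and the local filter is only an approximation of how the service evaluates the rule.

```powershell
# Added example (not from the article). Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.ReadWrite.All'

# Fixed-date rule from the article: everyone hired in 2023 (UTC).
$rule = '(user.employeeHireDate -ge 2023-01-01T00:00:00Z) and ' +
        '(user.employeeHireDate -le 2023-12-31T23:59:59Z)'
$from = [datetime]::new(2023, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
$to   = [datetime]::new(2023, 12, 31, 23, 59, 59, [System.DateTimeKind]::Utc)

# employeeHireDate is only returned when it is requested explicitly.
$users = Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, EmployeeHireDate

# Local approximation of the rule, compared in UTC like the rule's Z timestamps.
$preview = @($users | Where-Object {
    $null -ne $_.EmployeeHireDate -and
    $_.EmployeeHireDate.ToUniversalTime() -ge $from -and
    $_.EmployeeHireDate.ToUniversalTime() -le $to
})
$preview | Sort-Object EmployeeHireDate |
    Format-Table DisplayName, UserPrincipalName, EmployeeHireDate

# Accounts without a hire date are left out of the preview; review them separately.
$noDate = @($users | Where-Object { $null -eq $_.EmployeeHireDate })
Write-Host "$($preview.Count) users in preview, $($noDate.Count) users without a hire date"

# Create the group with rule processing paused so nothing is added yet.
# Display name and mail nickname are constructed placeholders.
$params = @{
    DisplayName                   = 'Onboarding 2023 (example)'
    MailNickname                  = 'onboarding-2023-example'
    MailEnabled                   = $false
    SecurityEnabled               = $true
    GroupTypes                    = @('DynamicMembership')
    MembershipRule                = $rule
    MembershipRuleProcessingState = 'Paused'
}
$group = New-MgGroup @params

# Run this only after the preview has been reviewed: Entra ID then evaluates the rule.
Update-MgGroup -GroupId $group.Id -MembershipRuleProcessingState 'On'
```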

More information can be found here: Rules for dynamically populated groups membership – Microsoft Entra | Microsoft Learn.

So, there you have it, the new operators for dynamic group management based on hire dates. How would you apply these capabilities in your organization to fulfil its needs?

