Everyone, All Users, and Authenticated Users in Azure Active Directory

4
votes

I am using an Azure Analysis Services instance and need to grant access to all authenticated users in the domain. The problem is that I don't see any groups within our Azure AD tenant that resemble "everyone" or "authenticated users". It looks like this is something that can be accomplished with dynamic groups, but I wanted to check and see if maybe I'm overlooking a group that is already available in the tenant by default containing all authenticated users.

Thanks,

Eric Theil

1
azureazure-active-directoryactive-directory-group
Could you query Microsoft Graph? It could fetch more Azure AD Groups than you normally see inside Portal.Win
There is no such a group which conatins the authenticated users and every one. Maybe you can use token with authenticated users to access your resource.:-)Wayne Yang
@win - I don't believe I can query using Microsoft Graph (at least, I don't know how) as the account picker that comes up is built into SSMS/SSDT.EricTheil
@Wayne - I don't believe I have any control over the authentication mechanism, but I can't say that for sure (it's through SQL Server AS). I'm trying to determine if there is some kind of equivalent to the Everyone or Authenticated Users group in Azure AD. If access needs to be granted on an Azure resource to all Azure AD accounts, how can that be accomplished? It looks like some kind of dynamic group is the way to go, but I wanted to make sure there wasn't an existing security group that already contains all Azure AD accounts.EricTheil

1 Answers

4
votes

From https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership:

Create an "All users" rule

You can create a group containing all users within a tenant using a membership rule. When users are added or removed from the tenant in the future, the group's membership is adjusted automatically.

The “All users” rule is constructed using single expression using the -ne operator and the null value. This rule adds B2B guest users as well as member users to the group.

user.objectid -ne null