Audience targeting is a rule that could be applied to a template for defining who can access and use that template, based on the user profile data. Intrinsically, targeting rules are a combination of tags and expressions that are evaluated against a user profile to determine whether a template is shown.
Targeting rules can use user profile information through the following tags:
|user.displayName||User full name (for example "Bob Dirac".)|
|user.userPrincipalName||User UPN. In Active Directory, a User Principal Name (UPN) is the name of a system user in an email address format. A UPN (for example: "email@example.com") consists of the user name (logon name), separator (the @ symbol), and domain name (UPN suffix). |
Important: A UPN is not the same as an email address. Sometimes, a UPN can match a user's email address, but this is not a general rule.
|user.mail||User email (for example: "firstname.lastname@example.org").|
|user.preferredLanguage||User preferred language in Microsoft 365. |
Language and locale codes are limited to those in the ISO 639-1 standard.
|user.givenName||User given name (for example: "Bob").|
|user.country||User country (for example: "France").|
|user.companyName||User company name (for example: "Contoso").|
|user.department||User department (for example: "Marketing").|
|user.city||User city (for example: "Paris").|
|user.jobTitle||User job title (for example: "Product Manager").|
|user.surname||User surname (for example: "Dirac").|
|user.usageLocation||Office 365 usage location. (for example: "US") |
Rely on the ISO 3166-1 alpha-2 country codes....
|user.groups.direct||All the groups that the user is a DIRECT member of.|
// From France
user.country === 'FR'
// From any country except from Germany
user.country !== 'DE'
Combining multiple criteria
// From France or Belgium, member of the Marketing Department
( user.country === 'FR' || user.country === 'BE' ) && user.department === 'Marketing'
// English speakers from any country
// users with @contoso.com or @contoso.fr in their email domain name
user.mail.includes('@contoso.com') || user.mail.includes('@contoso.fr')
Using groups membership
There are several types of groups, that can be differentiated by their
The response object shown here might be shortened for readability. All the default properties are returned for each group in an actual call.
"@odata.type":"#microsoft.graph.directoryRole", // Standard Azure AD groups, such as the admin roles from your Microsoft 365 environment
"description":"Company Administrator role has full access to perform any operation in the company scope.",
"@odata.type":"#microsoft.graph.group", // Microsoft 365 groups, associated with a team or a SharePoint site.
"description":"A fantastic group!!!",
In this example, we're testing user membership by checking if one of its groups contains the word "Onboarding" in its display name:
// Is a member of an "Onboarding" group
user.groups.direct.some(group => group.displayName.includes('Onboarding'))
Be careful, evaluations are case-sensitive. Therefore to make sure your evaluation work independently of the case, you can use the
toLowerCase function, such as:
In this example, we're testing is the user is a member of a specific group by checking if one of its groups has a specific ID:
// Is a member of a specific group by its ID
user.groups.direct.some(group => group.id === ('a937979b-5dbb-4f54-a405-936046244b0b'))
Azure AD Schema Extension
To use Azure AD schema extensions in your audience targeting rules, please refer to this article
Validate and test your audience targeting rule
A "Check Syntax" button is available to test the rule against the current logged user. You can expect 3 kind of outcomes.
- You would have access
- You would not have access
- An error is detected. In case of error, the technical details are also available, helping you solve the issue. :::