[Index]

Model: data/ModelFilterCriteria

Model Filter Criteria

Full HTML Help

Tip

Use the Action search to navigate Automate

Overview

Model filter criteria defines how users (for example, Microsoft Active Directory or MS Entra MSOL user) are matched to corresponding data in Automate to move users and related data to the correct system levels (Customer or Site) on import (in a sync or overbuild), based on one or attributes defined for the model type.

Note

Model filter criteria for LDAP sources is only compatible with Microsoft Active Directory (that is, Microsoft LDAP, not OpenLDAP).

Administrator users with access to the data/ModelFilterCriteria model can manage instances of this model so that these are available for selection in the Site Defaults Doc (SDD) of a site.

The SDD provides options to choose a predefined model filter criteria (depending on the user type). Options are:

In addition, model filter criteria can also be executed directly, in other words outside of the import (sync or overbuild) process. By default, the administrator's default access profile (for the Automate - Admin role) has the Permitted Operation called Execute enabled for model filter criteria. This allows for model filter criteria execution to match and move data from the source hierarchy to the specified target hierarchy.

Related topics

Flow through provisioning (FTP) in the Core Feature Guide.

Create model filter criteria

Pre-requisites:

Perform these steps:

  1. Identify the source and target model and field that will be used in the filter.

  2. Go to Model Filter Criteria.

  3. Click Add to add a new record, or clone an existing model filter criteria and update it to create a new model filter.

  4. Provide a Name, Description, and Usage for the filter.

    For Usage:

  5. From the Type (model type) drop-down, select the source model, for example device/msgraph/MsolUser (MS Entra MSOL users) or device/ldap/user (Microsoft Active Directory users). For Microsoft Defender overbuild, select the relevant device model, for example device/msexchangeonline/QuarantineMessage - see: Microsoft Defender for Office security management and policies.

    Note

    The model type defines the available attributes you can use in the model filter criteria.

  6. Click the Plus sign (+) in the Criteria group to add one or more criteria.

    Each criteria is defined by the following:

Field Description
Unary Operator None, or NOT: to operate on the match Condition with the target value
Attribute The field from the source model, for example City from device/msgraph/MsolUser.
Condition Options are exact and non-exact types of contains and equals, as well as a regex search option.
Value The target value that identifies the site in VOSS Automate. The value can also be a named macro, for example, {{ macro.OVERBUILD_SITE_CITY_NAME }}.
Conditional Operator AND or OR: only needed and used to indicate the type of Boolean combination with the following criteria instance, if an additional instance is added.

  1. Save the model filter criteria.

    You will be able to choose this new model filter criteria in the site's SDD, and it will be, for example, applied in the Microsoft overbuild if Include Site for Overbuild and Microsoft Users is enabled.

    When running the overbuild, the system loops through the site defaults to identify sites with Include Site for Overbuild enabled, and moves related user data to the site based on the chosen model filter criteria rule.

    In this example, all device/msgraph/MsolUser instances synced in will be moved to the site matching {{ macro.OVERBUILD_SITE_CITY_NAME }} if their City value matches.

  2. If required, use the Execute button to run the model filter criteria in order to move matched data.

Microsoft Entra ID groups in model filter criteria

For model filter criteria of Type device/msgraph/MsolUser, the Attribute called Groups.displayName can be used to create a filter for syncing in and automatically onboarding - move and provision users - based on their Microsoft Entra ID group membership.

Important

Consider the following when creating filters using Groups.displayName:

Additional available model filter criteria for device/msgraph/MsolUser

From release 25.1 onwards, the model filter criteria of Type device/msgraph/MsolUser offers additional Attribute values:

City
CompanyName
Country
Department
EmployeeType
extensionAttribute1
extensionAttribute10
extensionAttribute11
extensionAttribute12
extensionAttribute13
extensionAttribute14
extensionAttribute15
extensionAttribute2
extensionAttribute3
extensionAttribute4
extensionAttribute5
extensionAttribute6
extensionAttribute7
extensionAttribute8
extensionAttribute9
IsLicensed
Licenses.SkuId
Office
UserPrincipalName
UserType

The use of these attributes in model instance filters allow for the optimization of sync performance and timing, as well as additional filtering functionality in the list view of device/msgraph/MsolUser.

Note

By default, model filter criteria with attribute UserType and value Member is automatically applied to filter the device/msgraph/MsolUser model sync into Automate from the Microsoft tenant. The default filter then allows only import of real users; that is, members only, and not external/guest accounts (where UserType is Guest). While the default filter syncs is only Member user types, you can adjust the model filter criteria to sync in Guest user types from the tenant, if required.

Automatic filtering on member users ships with Automate 25.1. Post-upgrade syncs on existing tenants where external/guest users have previously been synced in won't trigger workflow changes and updates to the existing users.

Microsoft Defender criteria for overbuild

If Microsoft Defender for Office is enabled as a service in global settings, additional model filter criteria are added to allow for the move of MS Defender policies, incidents and alerts.

See:

Microsoft Defender setup, sync and overbuild in the Core Feature Guide

Overbuild for Microsoft in the Core Feature Guide

Related Topics

Microsoft Overview in the Core Feature Guide

Sync to Site with with Flow Through in the Core Feature Guide

Flow Through Provisioning in the Core Feature Guide

This captures criteria for filter rules.

Model Details: data/ModelFilterCriteria

Title Description Details
Name * Name of the Model Filter Criteria.
  • Field Name: name
  • Type: String
Description
  • Field Name: description
  • Type: String
Usage Usage of the Model Filter Criteria, example FTP, Overbuild. This is a free text field and can be used to filter on by usage.
  • Field Name: usage
  • Type: String
Automated Overbuild Flag to set the MFC to be used for automated overbuild scenarios.
  • Field Name: automated_overbuild
  • Type: Boolean
Target Hierarchy The target hierarchy where the data will be moved to if the filter criteria is met.
  • Field Name: target_hierarchy
  • Type: String
Type * This is the model type of the element to check for the filter criteria.
  • Field Name: type
  • Type: String
  • Format: uri
Criteria
  • Field Name: criteria.[n]
  • Type: Array
  • Cardinality: [1..n]
Unary Operator Unary operator NOT or nothing.
  • Field Name: criteria.[n].unary_operator
  • Type: String
  • Choices: ["NOT"]
Attribute * Attribute or property of the element to check.
  • Field Name: criteria.[n].attribute
  • Type: String
Condition * List of string conditions.
  • Field Name: criteria.[n].condition
  • Type: String
  • Choices: ["Contains", "Contains Exactly", "Equals", "Equals Exactly", "Regex Search"]
Value * The value to check against the attribute or property.
  • Field Name: criteria.[n].value
  • Type: String
Conditional Operator The operator to apply to the next step, OR or AND.
  • Field Name: criteria.[n].conditional_operator
  • Type: String
  • Choices: ["AND", "OR"]