The principal problem is, you can't set a policy on a dynamic group. The idea behind is that dynamic groups are generally not disjoint (a single machine can be in any number of dynamic groups) and so the definition would be ambiguous (and likely inconsistent).
You can run tasks on dynamic groups, but can't set policies on them.
Anyway, it's quite easy to define dynamic groups by IP addresses (see attached screenshot).