The following are the quick Azure AD dynamic device groups rules or queries which I use as an Intune admin to build a lab environment. I used these queries in the recent Free Intune Training episode #8 Day #8 Free Intune Training 📌Azure AD Static Groups 📌Azure AD Dynamic Groups for Intune Mgmt
Company Owned Devices – Azure AD Dynamic Device Group
Let’s find out cooperate owned devices from your Azure AD tenant. You can use this to target policies or applications if needed. This includes all cooperate or company owned devices.
- Windows
- macOS
- iOS
- iPadOS
- Android
(device.deviceOwnership -eq "company")
All Windows Devices – Azure AD Device Group
The following Azure AD rule shall help Intune admin to collect all Windows devices in the tenant. You can use this AAD device group to deploy applications and policies.
(device.deviceOSType -eq "Windows")
Azure AD Dynamic Device Group with Display Name
In case if you as Intune admin wants to create a Azure AD dynamic group depending on the naming convention of the devices. The following rule or query will collect all device display name starts with “Intune.”
(device.displayName -startsWith "Intune")
Azure AD Dynamic Group for Personal Devices
Let’s find out personal devices from your Azure AD tenant. You can use this to target policies or applications if needed. This includes all cooperate or personal devices.
- Windows
- macOS (?)
- iOS
- iPadOS
- Android
(device.deviceOwnership -eq "Personal")
Users Based on Usage Location – Dynamic User Group
Country code for India is IN. Create a Azure AD dynamic user group based on usage location India.
https://github.com/rgl/azure-content/blob/master/articles/cdn/cdn-country-codes.md
(user.usageLocation -eq "IN")
Recording – Azure AD Dynamic Device Group
Resources
- How to Create Azure AD Dynamic Device Groups for Windows BYOD and CYOD Devices
- Dynamic membership rules for groups in Azure Active Directory
“Let’s find out cooperate owned devices ” should be “corporate”