How to create a Microsoft Entra ID (Azure AD) dynamic device group for Company owned Windows devices to use with Intune assignments


Dynamic device group for Company devices

You can use this dynamic device group to target corporate devices and not BYOD (personal) devices. The group can be used for Intune assignments where you want to include all company-managed computers and exclude BYOD laptops.

Create new Entra ID dynamic group

Microsoft Entra ID
Groups 

New group

Dynamic group settings

Group type: Security
Group name: Windows Company Devices
Membership type: Dynamic Device

Click Add dynamic query

Dynamic group membership rules

Configure Rules
Rule syntax - Edit

Enter the rule syntax and click OK

(device.deviceOSType -contains "Windows") and (device.deviceOwnership -eq "Company") 

Click Save

Click Create

Validate dynamic group membership rules

Dynamic membership rules
Validate rules - Add devices

Select a BYOD (personal) device and a company device

Dynamic group validation results
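
The same group can be created and checked from PowerShell, which makes the rule repeatable and lets you detect drift before Intune assignments depend on it. This is an added example, not part of the original walkthrough; it assumes the Microsoft Graph PowerShell SDK is installed, and the mail nickname and the comparison logic are illustrative choices.

```powershell
# Added example: requires the Microsoft.Graph PowerShell SDK
# (Microsoft.Graph.Groups and Microsoft.Graph.Identity.DirectoryManagement).
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Device.Read.All'

# Group name and rule exactly as used in the portal steps above.
$name = 'Windows Company Devices'
$rule = '(device.deviceOSType -contains "Windows") and (device.deviceOwnership -eq "Company")'

# Reuse the group if it already exists so the script can be re-run safely.
$group = Get-MgGroup -Filter "displayName eq '$name'" | Select-Object -First 1

if (-not $group) {
    $group = New-MgGroup -DisplayName $name `
        -MailEnabled:$false `
        -MailNickname 'WindowsCompanyDevices' `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On'   # 'Paused' would stop evaluation
    Write-Host "Created group $($group.Id). Membership is populated asynchronously."
}
elseif ($group.MembershipRule -ne $rule -or $group.MembershipRuleProcessingState -ne 'On') {
    # Drift check: someone edited the rule or paused processing.
    Write-Warning "Rule or processing state differs from the expected configuration:"
    Write-Warning "  Rule : $($group.MembershipRule)"
    Write-Warning "  State: $($group.MembershipRuleProcessingState)"
}

# Cross-check current members: every member should be a company-owned Windows device.
$unexpected = foreach ($member in Get-MgGroupMember -GroupId $group.Id -All) {
    $device = Get-MgDevice -DeviceId $member.Id
    if ($device.DeviceOwnership -ne 'Company' -or $device.OperatingSystem -notlike '*Windows*') {
        $device | Select-Object DisplayName, OperatingSystem, DeviceOwnership
    }
}

if ($unexpected) {
    Write-Warning 'Members that do not match the rule (possible stale membership or rule change):'
    $unexpected | Format-Table -AutoSize
}
else {
    Write-Host 'All current members are company-owned Windows devices.'
}
```

A newly created group can take some time to populate, so an empty member list right after creation is expected; re-run the script later to perform the member check.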

Reference:
Dynamic membership rules for groups in Microsoft Entra ID
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership

 
