In this example, we are creating a dynamic device group for Windows 11 Surface Laptops
Find device model using wmic
Get the device model using command line wmic
Open Command Prompt
wmic computersystem get model
Find Windows version using command line
Get Windows Operating System version using systeminfo
Open Command Prompt
systeminfo | findstr /B /C:"OS"
Windows 10 and 11 OS version numbers
Windows 10 version numbers start with 10.0.1
Windows 11 version numbers start with 10.0.2
Create Entra ID Dynamic Device Group
Device properties
Here is a quick list of device properties you might find useful when creating dynamic groups
| Property | Operator | Example Value | Notes |
| deviceModel | Contains | Surface Laptop 5 | |
| deviceOSType | Contains | Windows | |
| deviceOSVersion | Starts With | 10.0.1 | Windows 10 |
| deviceOSVersion | Starts With | 10.0.2 | Windows 11 |
| deviceOwnership | Equals | Company | Corporate owned device |
New Dynamic Device Group
Entra ID - Groups - New Group
Group type: Security
Group name: Windows 11 - Surface Laptop 5
Membership type: Dynamic Device
Add dynamic query
Dynamic group membership rules
Rule syntax - Edit
Example: Surface Laptop 5, Windows 11, corporate owned laptops
Enter the following dynamic device membership rule and click OK
(device.deviceModel -contains "Surface Laptop 5") and (device.deviceOSType -contains "Windows") and (device.deviceOSVersion -startsWith "10.0.2") and (device.deviceOwnership -eq "Company")
Validate dynamic membership rules
Test the membership rules by selecting some devices to see if they will be included or excluded from the dynamic group
Validate rules - Add devices
Tick the devices you want to test, then click Select
Dynamic membership status
Click View details to see more information about how the membership rules were processed
Click save, then Create
Subscribe
Report