Let’s check how to create AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops. The Azure AD dynamic groups are required to deploy policies and applications to AVD session hosts using Intune.
Azure AD join and Intune support are also coming soon, as per the latest blog post from Microsoft. You can read more details in the following post – Azure Virtual Desktop Azure AD Join Support with Intune Management | Endpoint Manager | WVD.
I have a post about creating WVD Azure AD dynamic device groups for Windows 10 single session operating system with DisplayName properties.
You also can create Intune assignment filters to have more flexible logic for app and policy assignment – MEM Intune: Create Assignment Filters For Azure Virtual Desktop Single Session Windows 10.
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session
Let’s create Azure AD Dynamic Device Group for Windows 10 Enterprise for Virtual Desktops. This dynamic Azure AD device group is based on operating system type.
- Open portal.azure.com
- Navigate to Azure Active Directory -> Groups – All Groups.
- Click on “+ New Group“.
- Select Security – Group Type from the drop-down option.
- Enter Group Name “WVD-Devices-Multi-Session” (any name is fine).
- Enter Group Description “WVD-Devices-Multi-Session” (any description is fine).
- Select Dynamic Device as Membership type.
- Click on Add Dynamic Query under Dynamic Device Members.
Hover over the properties column so that you get an option to select Azure Active Directory, dynamic device groups, for Windows 10 multi-session based on Device OS Type.
On the Dynamic Membership Rules blade, select deviceOSType property column drop-down options.
From the operator column, you can select the option name “Equals” to select the hostname of Azure Virtual Desktop (a.k.a WVD) session hosts.
The device OS type is equal to “Windows 10 Enterprise for Virtual Desktops”. You can enter the device OS type as shown in the below screenshot in the value column.
Click on SAVE and CREATE button to complete the process of building Azure AD dynamic device group creation.
Dynamic Query – Windows 10 Enterprise for Virtual Desktops
You can use the following Azure AD device dynamic query to create Windows 10 multi-session AAD dynamic groups.
(device.deviceOSType -eq "Windows 10 Enterprise for Virtual Desktops")
You can check the members of the dynamic device group from the Members tab in the Azure AD Device group. You can also validate Azure AD Dynamic Group Rules | Intune.
- Dynamic membership rules for groups in Azure Active Directory https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership#using-attributes-to-create-rules-for-device-objects
- Validate Azure AD Dynamic Group Rules | Intune
- How to Create Azure AD Dynamic Device Groups for Windows BYOD CYOD Devices Microsoft Intune
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.