AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops

Let’s check how to create AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops. The Azure AD dynamic groups are required to deploy policies and applications to AVD session hosts using Intune.

Azure AD join and Intune support are also coming soon, as per the latest blog post from Microsoft. You can read more details in the following post – Azure Virtual Desktop Azure AD Join Support with Intune Management | Endpoint Manager | WVD.

I have a post about creating WVD Azure AD dynamic device groups for Windows 10 single session operating system with DisplayName properties.

You also can create Intune assignment filters to have more flexible logic for app and policy assignment – MEM Intune: Create Assignment Filters For Azure Virtual Desktop Single Session Windows 10.

Patch My PC

AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session

Let’s create Azure AD Dynamic Device Group for Windows 10 Enterprise for Virtual Desktops. This dynamic Azure AD device group is based on operating system type.

AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops
  • Select Security – Group Type from the drop-down option.
  • Enter Group Name “WVD-Devices-Multi-Session” (any name is fine).
  • Enter Group Description “WVD-Devices-Multi-Session” (any description is fine).
  • Select Dynamic Device as Membership type.
  • Click on Add Dynamic Query under Dynamic Device Members.
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops

Hover over the properties column so that you get an option to select Azure Active Directory, dynamic device groups, for Windows 10 multi-session based on Device OS Type.

On the Dynamic Membership Rules blade, select deviceOSType property column drop-down options.

AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops

From the operator column, you can select the option name “Equals” to select the hostname of Azure Virtual Desktop (a.k.a WVD) session hosts.

Adaptiva
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops

The device OS type is equal to “Windows 10 Enterprise for Virtual Desktops”. You can enter the device OS type as shown in the below screenshot in the value column.

AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops

Click on SAVE and CREATE button to complete the process of building Azure AD dynamic device group creation.

Dynamic Query – Windows 10 Enterprise for Virtual Desktops

You can use the following Azure AD device dynamic query to create Windows 10 multi-session AAD dynamic groups.

(device.deviceOSType -eq "Windows 10 Enterprise for Virtual Desktops")

Result

You can check the members of the dynamic device group from the Members tab in the Azure AD Device group. You can also validate Azure AD Dynamic Group Rules | Intune.

AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops
AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops

Resources

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

8 thoughts on “AVD Azure AD Dynamic Device Group for Windows 10 Multi-Session | Enterprise for Virtual Desktops”

  1. Humm, for me this doesn’t work… I’m using:

    (device.deviceOSType -eq “Windows 10 Enterprise for Virtual Desktops”)

    If I validate the rule against an AVD machine I get a failure and this:

    device.deviceOSType -eq “Windows 10 Enterprise for Virtual Desktops” [deviceOSType = “Windows”]

    Sure enough if I look at the “hardware” of the machine in Intune, it is just “Windows”, but with a system edition of “EnterpriseMultisession”… which doesn’t seem to be an available option to use in a rule. 🙁

    Reply
  2. This one will work in current iterations (late 2022) of AVD
    (device.deviceOSType -eq “Windows”) and (device.deviceManufacturer -eq “Microsoft Corporation”) and (device.deviceModel -eq “Virtual Machine”)

    Reply
  3. That will return all Azure or Hyper-V VMs, will it not? I don’t think it’s specific to Windows multi-session.

    Reply
  4. Did some one manage to set this up? Filters work just fine, but still having issues in getting this right in dynamic grouping. As mentioned by Pete Mitchell, the query from Brook returns Hyper-V VMs along with AVD session hosts. Please share if you have found a working dynamic rule.

    Thanks,
    Seemon

    Reply
  5. I have the same issue as everyone else. But I got it working by doing this based on my host names in my dynamic group membership query. I am doing this for assigning applications via Intune and obviously this will be different for everyone else but is an acceptable work around for me. Any of my AVD hosts will have this in the name always AND I will then pair this with a filter as well, just to be sure no other non-multisession host will be included in my device assignments because I do also have hosts that begin with AVD that are NOT multisession, hope this helps anyone else who got stuck.

    Dynamic group syntax
    (device.displayName -startsWith “AVD”) or (device.displayName -startsWith “NV5”) and (device.deviceOSType -eq “Windows”)

    Filter syntax
    (device.operatingSystemSKU -eq “ServerRdsh”)

    Reply
  6. powershell
    Connect-AzureAD
    Get-AzureADDevice -Filter “displayname eq ‘avd'” | fl DevicePhysicalIds

    you have something where you created vm
    [AzureResourceId]:/subscriptions/***/resourceGroups/***/providers/Microsoft.Compute/virtualMachines/avd

    then creates dynamic group
    (device.devicePhysicalIds -any (_ -startsWith “[AzureResourceId]:/subscriptions/***/resourceGroups/***/providers/Microsoft.Compute/virtualMachines/”))

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.