Let’s find Group Membership for Device from Intune MEM Portal. The Group membership report provides the group membership of all AAD groups for a specific managed device. You can easily validate the group membership and be useful while performing troubleshooting.
Starting with Intune Service Release 2206 brings the much-awaited addition to view a managed device group membership addition from Microsoft Intune Portal. The details are published by Scott Breen (MS Senior Program Manager) from Intune Team on Twitter.
The added feature will help you find the device parts of groups, easily get the list of groups a managed device is a member of, and view a device’s direct and transitive group membership from within Intune. Transitive membership shows direct and parent group membership, which can help identify where policies and apps are coming from.
This report supports all device platforms and management types. The Device group membership report provides filtering, searching, paging, and sorting capabilities.
In the monitor section of the Devices workload of Intune, you can view the group membership of all AAD groups for a managed device.
- How to Create Nested Azure AD Dynamic Groups
- How to Get Application Version Details From Intune
- Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD
Find Group Membership For Device from Intune MEM Portal
To view the group membership for the managed device, you can use the following steps:
- Sign in to Microsoft Endpoint Manager Admin Center https://endpoint.microsoft.com
- Choose Devices > All devices and select the device from the list. For Example, I selected the device CPC-jitesh53-DE
Note: You can also select the Devices by choosing the By platform and Select Windows.
To view the device membership of the group, select Group membership in the Monitor section.
When you click on a group, you can see the AAD pane for the group. Here you can see the details of the Group, the selected device part of the all listed group.
The Group membership report provides the group membership of all AAD groups for a specific managed device. The report provides the following columns:
- Name
- Object Id
- Membership Type
- Direct or Transitive
PowerShell Method to Get Group Membership of Intune Managed Devices
Let’s also quickly check the PowerShell Method to Get Group Membership of Intune Managed Devices. You can get these details easily using the Edge extension as mentioned in the Intune Graph API post.
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Get-MgDeviceTransitiveMemberOf -DeviceId $deviceIdImport-Module Microsoft.Graph.Identity.DirectoryManagement
Get-MgDeviceMemberOf -DeviceId $deviceIdFilter Device Group Membership Report
The group membership filter allows Intune admin to use filter settings to narrow down the search based on the Membership type and whether the device is a direct member or a transitive member.
Transitive membership shows direct and parent group membership, which can help identify where policies and apps are coming from.
When you select membership type, you can see the option to identify whether the device’s membership is assigned or dynamic. Also you can easily refer to the membership type column.
Export Intune Device Group Membership Report
You can export the list of groups for the managed devices to a .csv file by selecting Export from the Group Membership. Click on Download to export the listed groups of managed devices.
A notification will appear automatically in the top right-hand corner with the message Export is in progress. All exported data will be automatically downloaded to your browsers in a .csv file format, and a notification message will appear Export completed.
You can now open the exported discovered applications list, and The Group membership report provides the group membership of all AAD groups for a specific managed device.
