Learn how to set up Dynamic Device Groups in Intune. Do you want to add mobile devices automatically to Microsoft Intune Device Groups? Intune Dynamic groups have been a customer request for a long time.
This feature is similar to dynamic collections in SCCM/ConfigMgr. There are two ways to do it: one uses the Azure AD Premium feature called AAD Dynamic Groups, and the other, which is pretty new in Intune, is called Device Group Mapping.
One of our recent posts explains how to create nested Azure AD dynamic groups, a highly anticipated feature from the Azure AD team. This functionality shows the memberOf attribute, which was introduced to facilitate the nesting of Azure AD groups.
This capability allows for more flexible and efficient management of group memberships within Azure Active Directory, enabling organizations to simplify access controls and administration across their Azure resources.
How Do you Add Devices/Users Automatically to Intune Groups using Azure AD Dynamic Groups?
Log in to the Azure AD portal (an AAD Premium subscription is required). Read More -> Create AAD Dynamic Groups Based On MDM Intune SCCM Management.
Navigate via Directory –> Groups –> Open the group (MDM Group) –> Configure. Enable Dynamic Group Membership (only available for AAD Premium subscriptions) –> Add Users where <Department> is equal to “IT”.
Learn How to Setup Dynamic Device Groups in Intune
- Log in to AAD.Portal.Azure.com.
- Navigate to the Azure Active Directory -> Groups node -> Click on the New Group button.
- Group Type -> Security
- Group Name -> HTMD AAD Group based on Dept
- Group Description -> To add all devices or users from a dept
- Membership Type -> Dynamic User
In this scenario, all the users from the IT department will be added to the AAD Dynamic Security Group, which is called MDM Group.
Don’t panic if the group does not show its users immediately; give it some time, and the membership will be updated.
Once the AAD Dynamic Group is created and updated, log in to the Intune portal (endpoint.microsoft.com) and Create a New User Group to fetch all the devices of IT department users.
Whenever a new user joins the IT department, that user is automatically added to the Intune MDM group. Provisioning and de-provisioning groups is made easy with this.
More Details -> Create AAD Dynamic Groups Based On Domain Join Type Hybrid Azure AD And Azure AD
There are two options to build the Azure AD dynamic group query. You can use the rule builder or rule syntax text box to create or edit an AAD device group dynamic membership rule.
- Rule Builder -> Graphical interface – Easy to create the dynamic query.
- Rule Syntax -> Advanced technical users for complex queries.
Follow the steps below to use Azure AD dynamic group Rule Builder to create dynamic query rules for Hybrid Azure AD joined devices.
- Under Configure Rules -> Choose Property drop-down list.
- Select deviceTrustType as the property from the drop-down list.
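The same two groups can be created with rule syntax instead of the rule builder. The script below is an added example, not code from the original post: it creates the department-based user group and a Hybrid Azure AD joined device group through the Microsoft Graph PowerShell SDK, then reads back each rule, its processing state and the current member count. The second group's name and description are hypothetical, and the `ServerAD` value for Hybrid Azure AD joined devices is supplied here, not taken from the post.

```powershell
# Added example, not from the original post. Requires the Microsoft.Graph.Groups
# module, an Azure AD Premium licence, and consent to Group.ReadWrite.All.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

function New-DynamicSecurityGroup {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$Description,
        [Parameter(Mandatory)][string]$MembershipRule
    )
    $params = @{
        DisplayName                   = $DisplayName
        Description                   = $Description
        # Graph requires a mailNickname even for groups that are not mail-enabled.
        MailNickname                  = ($DisplayName -replace '[^A-Za-z0-9]', '')
        MailEnabled                   = $false
        SecurityEnabled               = $true
        GroupTypes                    = @('DynamicMembership')
        MembershipRule                = $MembershipRule
        MembershipRuleProcessingState = 'On'   # 'Paused' stores the rule without evaluating it
    }
    New-MgGroup @params
}

# Rule-syntax equivalents of the rule-builder choices described in the post.
$groups = @(
    New-DynamicSecurityGroup -DisplayName 'HTMD AAD Group based on Dept' `
        -Description 'To add all devices or users from a dept' `
        -MembershipRule '(user.department -eq "IT")'
    # Hypothetical name; "ServerAD" is the deviceTrustType of Hybrid Azure AD joined devices.
    New-DynamicSecurityGroup -DisplayName 'HTMD Hybrid AAD Joined Devices' `
        -Description 'All Hybrid Azure AD joined devices' `
        -MembershipRule '(device.deviceTrustType -eq "ServerAD")'
)

# Membership is evaluated asynchronously, so a count of 0 right after creation is normal.
foreach ($g in $groups) {
    $current = Get-MgGroup -GroupId $g.Id -Property id, displayName, membershipRule, membershipRuleProcessingState
    $count   = @(Get-MgGroupMember -GroupId $g.Id -All).Count
    [pscustomobject]@{
        Group   = $current.DisplayName
        Rule    = $current.MembershipRule
        State   = $current.MembershipRuleProcessingState
        Members = $count
    }
}
```

Because membership follows the `department` attribute, anyone who can edit that attribute on a user object also decides which Intune policies and apps target that user, so write access to it deserves the same review as write access to the group itself.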
How do you Add Devices automatically to Intune Device Groups using Device Group Mapping?
Click on the Admin tab in the Intune console. Navigate to Device Group Mapping -> enable Device Group Mapping -> Create a Device Group and add a category to manage device group mapping rules. Once you click on Create Device Group, it will guide you through creating one device group.
When a user enrolls a device in Intune using the Microsoft Intune Company Portal application, the user gets an extra screen during the enrollment process to select “Choose the best category for this device.” I have created only one category, “ADMIN,” for users. You are free to make an Intune device category for each department!!
More details on AAD Groups Based On Intune Device Categories.
Author
Anoop C Nair is a Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.