Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager

In this post, you will learn how to use Intune filters to assign app policies and profiles in the Intune Portal. With the latest development, Microsoft recently added an exciting new feature, Filters in Microsoft Endpoint Manager.

The feature adds greater flexibility for assigning apps and policies to groups of users or devices. As an Intune Admin, you can use filters to assign a policy based on your creation rules.

Using filters to achieve the right targeting outcome, you can combine a group assignment with a device’s characteristics.

One of Filters’ features is to improve flexibility when assigning Intune policies and apps in public preview (Generally Available). Microsoft fully supports public preview features for Microsoft Endpoint Manager.

Patch My PC

This helps the product team continuously work to obtain your valuable feedback about the new feature in the preview before the Microsoft product team finalizes the features.

Video – Intune Assignment Filters Decoded

This video will teach you about Intune Assignment Filters Decoded | Associated Assignments | AAD Groups Vs Filters | Supported Workloads and All.

Adaptiva
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Video 1

How Intune Filters Work – Architecture

Recently, Scott shared a tip on Twitter: Intune Filters can use $null as a value. You can now use $null as a value in assignment filters. It’s very handy if you want to exclude devices that were:

  • Not enrolled with an enrollment profile
  • or Not assigned a device category
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.1
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.1

Features and Benefits

Filters include the following features and benefits:

  • Improve flexibility and granularity when assigning Intune policies and apps.
  • Filters are used when assigning apps, policies, and profiles. They dynamically target devices based on the device properties you enter.
  • Filters can include or exclude devices in a specific group based on the criteria you enter.
  • Create a query of device properties based on the platform, including Android, iOS/iPad, macOS, and Windows 10.
  • Filters can be used and reused in multiple scenarios in “Include” or “Exclude” mode.

Prerequisites

Your account must have the Intune Service Administrator (also known as Intune Administrator) permission to enable or disable filters for your tenant. Intune Filters are out of public preview now.

Enable Intune Filters Public Preview

Intune Filters are out of public preview now. If you are not part of the preview, join the preview to see the latest features and improvements. In Filters (preview), Select the banner at the top of the page to Try out the filters (preview) feature.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.2
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.2

To enable the feature, under Preview features, toggle the switch to turn it on and click Apply.

Intune Filters are out of public preview now.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.3
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.3

Once the feature is available for you, you can see Create option at the top of the Filters (preview) page.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.4
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.4

Create a Filter

Select Tenant AdministrationFilters Create.

  • In Basics, enter the following properties and Click Next.
  • Filter name: Enter the appropriate name for the filter.
  • Description: Enter a description for the filter. This setting is optional but recommended.

Platform: Select your platform from available options: iOS/iPadOS, Windows 10, Android device administrator, macOS, Android Enterprise

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.5
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.5

There are two ways to create a rule in Rules: Use the rule builder or the rule syntax. The expression you made with the rule builder is automatically added to the rule syntax editor.

Rule builder:

And/Or: After you add an expression, you can add to the expression using the and or or options.
Property: Select a property for your rule, such as device or operating system SKU.
Operator: Select the operator from the list, such as equals or contains.
Value: Enter the value in your expression. For example, enter 10.0.18362 for the OS version, or Microsoft for the manufacturer.
Add expression: After you add the property, operator, and value, select Add expression:

Rule syntax – You can manually enter your rule expression and write your rules in the rule syntax editor. In Rule syntax, select Edit:

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.6
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.6

Preview Devices Option in Intune Filters

You have a new Preview Devices option to check whether the Intune filter rules are correctly configured or not.

Device preview – You can see a sample device set that matches the filter rules.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.7
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.7

The above example shows the Personal Devices enrolled in Intune. You will need to click on the Preview Devices link, as shown in the screenshot.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.8
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.8

Select Next.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.9
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.9

Review your settings in Review + Create. When you select Create, your changes are saved. The filter is created and ready to be used. It is also shown in the filters list.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.10
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.10

Here, you can see the filter has been successfully created.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.11
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.11

Use Of Filter

After creating the filter, it’s ready to use when assigning your apps or policies.

  • Sign in to the Endpoint Manager admin center.
  • Go to your apps, compliance policies, or configuration profiles. For a list of what’s supported, see Supported workloads when creating filters.
  • Select an existing policy or create a new policy. For example, select Apps > Windows and select an existing app. Select Properties > Assignments > Edit
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.12
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.12
  • To assign your policy to a users group or a devices group, select Edit filter. You can choose to include or exclude filtered devices. A list of filters that match the policy platform is shown.
  • Select your filter from the available options and click Select. For example, here, I selected Include filtered devices in the assignment, and select the filter, Here you can see multiple options available that we had created.
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.13
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.13

Once you have selected the filter to behave, It will be shown Filter mode and Filter (preview) as below –

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.14
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.14
  • To save your changes, select Review + SaveSave.

When the device checks in with the Intune service, the properties defined in the filter are evaluated to determine whether the app or policy should be applied.

Change or Modify an Existing Filter

After a filter is created, it can be changed or updated.

  • Sign in to the Endpoint Manager admin center.
  • Select Tenant administration > Filters (preview). A list of all the filters is shown. You can also update filters in Devices > Filters (preview) or Apps > Filters (preview).
  • Select the filter you want to change. Select Rules > Edit, and make your changes –
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.15
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.15
  • To save your changes, select Review + save > Save.

Delete a Filter

  • Sign in to the Endpoint Manager admin center.
  • Select Tenant administration > Filters (preview). A list of all the filters is shown. You can also delete filters in Devices > Filters (preview) or Apps > Filters (preview).
  • Next to the filter, select the ellipses (…) and select Delete. A prompt will appear with the message “Are you sure?” Click OK to delete.

Important – You must remove the filter from any policy assignments to delete a filter. Otherwise, you’ll get the following error when trying to delete the filter.

Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager - Fig.16
Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager – Fig.16

Reports

Filter evaluation report for devices

This report shows every app or policy with a filter applied. For each evaluated app or policy, you can see the applied filters and get more detailed information.

The filter evaluation results can take up to 30 minutes to appear in the Endpoint Manager admin center after the evaluation.

  • Sign in to the Endpoint Manager admin center.
  • Select Devices > All Devices > Select a device > Filter evaluation (preview). The following information is shown:
    • The evaluation results: Match or No match
    • If the filter was using the Include or Exclude mode
    • The filter name, description, and rules.
    • The date and time the evaluation occurred.
    • The properties that were evaluated, such as deviceName.
  • The Filter information section is populated with the currently configured filter name, description, and rules. The information isn’t populated from log data. The filter name, syntax, and other metadata may have changed since the last evaluation. When troubleshooting, look at the Evaluation time and Last modified timestamps.

Explore these Filter reports and troubleshooting in the Microsoft Endpoint Manager article to learn more about the reporting features and to help troubleshoot filters and conflicts.

Known Issue

Since this feature is still in preview, you might encounter unexpected reporting delays while editing or deleting an existing filter, among other issues. I recommend you visit Microsoft Document Filters Public Preview – Overview and Known Issues.

Let us update you with your comments about your experience with the new feature.

Resources

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.

2 thoughts on “Intune Filters for Assigning Apps Policies and Profiles In Intune Portal | Endpoint Manager”

  1. Hi Anoop,

    I have one question on this new feature.
    I would like to know whom has enable this option “Enable Filters Public Preview” from Intune console for any tenant. I mean from any Admin logs can we get something or answers only from Microsoft ?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.