Now it’s time to look into Intune Filters for Azure Virtual Desktop VMs. Let’s learn about creating AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs.
This is not applicable for a single session or Windows 10 persistent VM created using normal Windows 10 Enterprise SKUs. The filters are also known as assignment filers(?).
I have a detailed post that explains how to start managing Windows 10 multi-session devices with Microsoft Endpoint Manager (#MEM) Intune.
While writing this post, the only option to enrol Windows 10 Multi-Session VMs is to Intune us using Group Policy. Thanks to Scott for the hint on Twitter.
Table of Contents
What is Intune Filter Evaluation Engine
The Intune filter engine is here to help admins create filter rules to identify a special set of devices using device properties exposed through the Intune (#MEM) portal. This filter evaluation engine can easily identify Windows 10 multi-session devices. The details of the filter evaluation engine are shown in the screenshot below.
It’s important to note that all the device properties were not supported when this post was written. The MEM Intune filters can help reduce the dependency on Azure AD static or Dynamic groups based on AVD VM names, etc.
- Intune Filters For Assigning Apps Policies And Profiles In Intune Portal
- MEM Intune: Create Assignment Filters for Azure Virtual Desktop Single Session Windows 10 | AVD
- Create A Filter Rule For Windows 365 Cloud PCs Using Intune
AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs
Let’s see how to Create Intune MEM Filter Rules to filter only Windows 10 multi-session VMs (a.k.a, session hosts in the AVD world). While writing this post, Intune filters are in public preview; hence, you must enable them from the tenant administration node.
You can read more details about enabling filters for your Intune tenant from Jitesh’s post-Use Filters For Assigning Apps Policies And Profiles In Intune Portal | Endpoint Manager. Don’t forget to check the details about the prerequisites and known issues of filters from the above post.
- Sign in to the Microsoft Endpoint Manager admin center.
- Go to the Tenant administration node
- Click on Filters and then click on Create.
Now, you head into the Intune MEM Filter creation workflow. Let’s look at how to create filters using the following workflow from the Endpoint Manager portal.
- From the Basics page.
- Enter the MEM Filter name: The appropriate name for the filter is AVD Windows 10 Multi-Session AVD VMs.
- Enter the Description: Enter a description for the filter – Filter for Windows 10 Multi-Session VMs, not for a single session with normal Windows 10 enterprise SKUs.
- Select the platform – Windows 10.
You can go to the next page (Rules) by clicking the Next button.
Intune Assignment How to Create Filter Rules
You need to create the rules for assignment filters, and this is the brain of the filter engine within Microsoft Endpoint Manager (a.k.a MEM) Intune. This is similar to Azure AD dynamic rules and SCCM collection queries.
To create filter rules, you need to be on the Rules page, as shown in the screenshot below. There are two ways to create or build MEM Intune Filter rules. As you know, I’m a GUI lover, so I prefer using a rule builder.
- Use Rule Builder
- Use the syntax
Let’s configure rules for Windows 10 Multi-session VMs. As you know, the AVD Windows 10 Multi-session SKU is a server SKU, and we need to identify and select the “special SKU” for this type of Windows 10 operating system. This operating system SKU is only available in Azure.
You must select three properties from Filter Rule Builder as mandatory to create the filtering rule to identify AVD Windows 10 multi-session VMs (session hosts).
- Select the Property as OperatingSystemSKU
- Select Operator as Equals
- Select Value as ServerRdsh
NOTE! – ServerRdsh is the key value here to identify AVD Windows 10 multi-session VMs (session hosts). The operating system SKU for Windows 10 multi-session is ServerRdsh.
You can refer to the rule syntax created by the Rule builder within the filter engine below.
(device.operatingSystemSKU -eq "ServerRdsh")
Click the NEXT, Next, and Create buttons to complete the Intune filters for Windows 10 multi-session. Depending on the Intune RBAC scenarios, you can assign scope tags if needed.
Intune Filter Device Preview
Microsoft added a new Intune Filter device preview option. This helps determine whether you created the correct Intune Filtering rules. You can see a sample set of devices that match the filter rules.
You will need to check the link on the Device Preview section under Tenant Admin after creating the rules.
You can check the list of devices in the Preview Devices filtered using the filtering rule created by the rule.
How to Use Filters for App Policy and Profile Deployments
In his post, Jitesh covers the step-by-step details of using a filter, changing or modifying an existing filter, deleting a filter, Reporting, and identifying known issues. If you want more details, like how to Use Filters for App Policy and Profile Deployments, go through Use Filters For Assigning Apps Policies And Profiles In Intune Portal | Endpoint Manager.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.