Intune Filters for Azure Virtual Desktop VMs

Now it’s time to look into Intune Filters for Azure Virtual Desktop VMs. Let’s learn about creating AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs.

Well, this is not applicable for a single session or Windows 10 persistent VM created using normal Windows 10 Enterprise SKUs. Well, the filters are also known as assignment filers(?).

I have a detailed post that explains how to start managing Windows 10 multi-session devices with Microsoft Endpoint Manager (#MEM) Intune. While writing this post, the only option to enroll Windows 10 Multi-Session VMs to Intune us using Group Policy. Thanks to Scott for the hint on Twitter.

Patch My PC

What is Intune Filter Evaluation Engine

The Intune filter engine is here to help the admins create filter rules to identify a special set of devices using device properties exposed through Intune (#MEM) portal. You can easily identify Windows 10 multi-session devices with this filter evaluation engine. You can see the filter evaluation Engine details in the below screenshot.

It’s important to note that all the device properties are not supported while writing this post. The MEM Intune filters can help to reduce the dependency on Azure AD static or Dynamic groups based on AVD VM names etc…

AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Azure Virtual Desktop | Endpoint Manager
AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Azure Virtual Desktop | Endpoint Manager. Credits to Microsoft

AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs

Let’s see how to Create Intune MEM Filter Rules to filter only Windows 10 multi-session VMs (a.k.a, session hosts in AVD world). While writing this post, Intune filters are in public preview; hence you need to enable it from the tenant administration node.

1E Nomad

You can read more details about enabling filters for your Intune tenant from Jitesh’s post-Use Filters For Assigning Apps Policies And Profiles In Intune Portal | Endpoint Manager. Don’t forget to check the details about the prerequisites and known issues of filters from the above post.

  • Sign in to the Microsoft Endpoint Manager admin center.
  • Go to Tenant administration node
  • Click on Filters and then click on Create.
WVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Windows Virtual Desktop | Endpoint Manager
AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Azure Virtual Desktop | Endpoint Manager

Now, you head into Intune MEM Filter creation workflow. Let’s have a look at how to create filters using the following workflow from the Endpoint Manager portal.

  • From the Basics page.
    • Enter the MEM Filter name: Enter the appropriate name for the filter – AVD Windows 10 Multi-Session AVD VMs.
    • Enter the Description: Enter a description for the filterFilter for Windows 10 Multi-Session VMs, not for a single session with normal Windows 10 enterprise SKUs.
  • Select the platform – Windows 10.

You can go to the next page (Rules) by clicking on NEXT button.

WVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Windows Virtual Desktop | Endpoint Manager
AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Azure Virtual Desktop | Endpoint Manager

Intune Assignment How to Create Filter Rules

You need to create the rules for assignment filters, and this is the brain of the filter engine within Microsoft Endpoint Manager (a.k.a MEM) Intune. This is similar to Azure AD dynamic rules and SCCM collection queries.

To create filter rules, you need to be on the Rules page, as shown in the below screenshot. There are two ways to create or build MEM Intune Filter rules. As you know, I’m a GUI lover, so my preference is to use rule builder to create the rules.

  • Use Rule Builder
  • Use the syntax

Let’s go into the configuration of rules for Windows 10 Multi-session VMs. As you know, AVD Windows 10 Multi-session SKU is a server SKU, and we need to identify and select the “special SKU” for this type of Windows 10 operating system. This operating system SKU is only available in Azure.

You need to select three properties from Filter Rule Builder as mandatory to create the filter rule to identify AVD Windows 10 multi-session VMs (session hosts).

  1. Select the Property as OperatingSystemSKU
  2. Select Operator as Equals
  3. Select Value as ServerRdsh

NOTE! ServerRdsh is the key-value here to identify AVD Windows 10 multi-session VMs (session hosts). The operating system SKU for Windows 10 multi-session is ServerRdsh.

WVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Windows Virtual Desktop | Endpoint Manager
AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Azure Virtual Desktop | Endpoint Manager

You can refer to the rule syntax created by the Rule builder within filter engine below.

(device.operatingSystemSKU -eq "ServerRdsh")

Click on NEXT, Next, and Create buttons to complete the Intune filters for Windows 10 multi-session. You can assign scope tags if needed, depending on the Intune RBAC scenarios.

How to Use Filters for App Policy and Profile Deployments

The step-by-step details of Use Of Filter, Change or Modify an Existing Filter, Delete a Filter, Reports, and Known Issue are covered by Jitesh in his post. If you looking for more details like How to Use Filters for App Policy and Profile Deployments, then go through Use Filters For Assigning Apps Policies And Profiles In Intune Portal | Endpoint Manager.

MEM Intune Filter Assignments
AVD Intune Filters to Target Apps Policies Only to Windows 10 Multi-session VMs | Windows Virtual Desktop | Endpoint Manager

Author

Anoop is Microsoft MVP! He is a Solution Architect on enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.…

Categories AVD

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.