Learn How to Setup Dynamic Device Groups in Intune

Do you want to add mobile devices to Microsoft Intune device groups automatically? Dynamic groups in Intune have been a customer request for a long time.

This feature is similar to dynamic collections in SCCM/ConfigMgr. There are two ways to do it. One uses the Azure AD Premium feature called AAD Dynamic Groups; the other, which is fairly new in Intune, is called Device Group Mapping.

Updated Post -> How To Create Nested Azure AD Dynamic Groups.

How to add devices/users automatically to Intune Groups using Azure AD Dynamic Groups?


  • Log in to the Azure AD portal (AAD Premium subscription should be there).

Read More -> Create AAD Dynamic Groups Based On MDM Intune SCCM Management

Navigate via Directory –> Groups –> open the group (MDM Group) –> Configure. Enable Dynamic Group membership (only available for AAD Premium subscriptions) –> Add Users where <Department> is equal to “IT”.

  • Log in to AAD.Portal.Azure.com.
  • Navigate to the Azure Active Directory -> Groups node -> Click on the New Group button.
  • Group Type -> Security
  • Group Name -> HTMD AAD Group based on Dept
  • Group Description -> To add all devices or users from a dept
  • Membership Type -> Dynamic User

In this scenario, all the users from the IT department are added to the AAD Dynamic Security Group called MDM Groups.

Don’t panic if the group does not show the users immediately; give it some time and it will get updated.

Once the AAD Dynamic Group is created and updated, log in to the Intune portal (endpoint.microsoft.com) and create a new user group to fetch all the devices of IT department users.


Whenever a new user joins the IT department, that user is automatically added to the Intune MDM group as well. This makes provisioning and de-provisioning of groups easy.

More Details -> Create AAD Dynamic Groups Based On Domain Join Type Hybrid Azure AD And Azure AD

There are two options to build the Azure AD dynamic group query. You can use the rule builder or rule syntax text box to create or edit an AAD device group dynamic membership rule.

  • Rule Builder -> Graphical interface – Easy to create the dynamic query.
  • Rule Syntax -> Advanced technical users for complex queries.

You need to follow the steps mentioned below to use Azure AD dynamic group Rule Builder to create dynamic query rules for Hybrid Azure AD joined devices.

  • Under Configure Rules -> Choose Property drop-down list.
  • Select deviceTrustType as the property from the drop-down list.
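The Rule Syntax route for the two rules discussed above, as an added example that is not from the original post: it creates (or updates) one dynamic user group and one dynamic device group with the Microsoft Graph PowerShell SDK. The helper name `Set-DynamicSecurityGroup`, the mail nicknames and the device group's name are assumptions made for illustration; `ServerAD` is the `deviceTrustType` value Microsoft documents for Hybrid Azure AD joined devices.

```powershell
# Added example. Assumes the Microsoft.Graph module and an Azure AD Premium licence.
function Set-DynamicSecurityGroup {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Description,
        [Parameter(Mandatory)] [string] $MailNickname,
        [Parameter(Mandatory)] [string] $MembershipRule
    )
    # Look the group up first so that re-running the script does not create duplicates.
    $escaped  = $DisplayName.Replace("'", "''")
    $existing = Get-MgGroup -Filter "displayName eq '$escaped'" `
        -Property Id, DisplayName, GroupTypes, MembershipRule
    if (-not $existing) {
        return New-MgGroup -DisplayName $DisplayName -Description $Description `
            -MailEnabled:$false -MailNickname $MailNickname -SecurityEnabled `
            -GroupTypes 'DynamicMembership' `
            -MembershipRule $MembershipRule -MembershipRuleProcessingState 'On'
    }
    if (@($existing).Count -gt 1) { throw "More than one group is named '$DisplayName'." }
    # Refuse to turn an assigned-membership group into a dynamic one by accident.
    if ($existing.GroupTypes -notcontains 'DynamicMembership') {
        throw "'$DisplayName' exists with assigned membership; not converting it."
    }
    if ($existing.MembershipRule -ne $MembershipRule) {
        Update-MgGroup -GroupId $existing.Id -MembershipRule $MembershipRule
    }
    Get-MgGroup -GroupId $existing.Id -Property Id, DisplayName, MembershipRule
}

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# "Dynamic User" group: every user whose Department attribute equals "IT".
$userGroup = Set-DynamicSecurityGroup -DisplayName 'HTMD AAD Group based on Dept' `
    -Description 'To add all devices or users from a dept' `
    -MailNickname 'htmd-dept-it' `
    -MembershipRule '(user.department -eq "IT")'

# Dynamic device group (constructed name): Hybrid Azure AD joined devices.
$deviceGroup = Set-DynamicSecurityGroup -DisplayName 'Hybrid AAD Joined Devices' `
    -Description 'Devices whose deviceTrustType is ServerAD' `
    -MailNickname 'hybrid-aad-devices' `
    -MembershipRule '(device.deviceTrustType -eq "ServerAD")'

# Rules are evaluated asynchronously, so a new group can report 0 members at first.
foreach ($g in $userGroup, $deviceGroup) {
    $count = @(Get-MgGroupMember -GroupId $g.Id -All).Count
    '{0}: {1} -> {2} member(s) so far' -f $g.DisplayName, $g.MembershipRule, $count
}
```

Because membership follows the attribute, anyone who can edit a user's Department value also decides which Intune policies reach that user's devices, so restrict who can write it.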

How to Add Devices automatically to Intune Device Groups using Device Group Mapping?


Click on the Admin tab in the Intune console. Navigate to Device Group Mapping, enable Device Group Mapping, then create a device group and add a category to manage device group mapping rules. Once you click on Create Device Group, it will guide you through creating one device group.

Every user who enrolls in Intune using the Microsoft Intune Company Portal application gets an additional screen during the enrollment process: “Choose the best category for this device”. Right now, I have only created one category, “ADMIN”, for users to select. You are free to create an Intune device category for each department!

More details on AAD Groups Based On Intune Device Categories



Author

Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on device management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.