Forum Discussion
skythrock
Aug 09, 2022Copper Contributor
Create dynamic device group based off of which user enrolled the device
Is there a way to create a dynamic device group based off of which user enrolled the device? For example, I have an admin account that enrolled a bunch of kiosk machines, and I want the group to cons...
- Aug 20, 2022
Hi skythrock,
From my understanding, it wasn't possible to create a dynamic group based on which users enrolled the device into Azure AD. But I did some research via the Graph API and I have found a solution. And that the physicalIds field in Azure AD contains USER-GID information. So this means that you can build a dynamic query on that.
The only thing you need is the ID of your admin account. So go to Azure AD -> Users -> Admin account-> Copy userid from address barSo, you have all the needed information and you use create a dynamic group with the following Dynamic query and you will get all Azure AD devices that have been enrolled with your admin account.
device.devicePhysicalIDs -any _ -contains "[USER-HWID]: <ID of your Admin account> "
OR
device.devicePhysicalIDs -any _ -contains "[USER-GID]:<ID of your Admin account>"
Hopefully, this will help you.
Kind regards,
Rene
Mr_Helaas
Aug 20, 2022Steel Contributor
Hi skythrock,
From my understanding, it wasn't possible to create a dynamic group based on which users enrolled the device into Azure AD. But I did some research via the Graph API and I have found a solution. And that the physicalIds field in Azure AD contains USER-GID information. So this means that you can build a dynamic query on that.
The only thing you need is the ID of your admin account. So go to Azure AD -> Users -> Admin account-> Copy userid from address bar
So, you have all the needed information and you use create a dynamic group with the following Dynamic query and you will get all Azure AD devices that have been enrolled with your admin account.
device.devicePhysicalIDs -any _ -contains "[USER-HWID]: <ID of your Admin account> "
OR
device.devicePhysicalIDs -any _ -contains "[USER-GID]:<ID of your Admin account>"
Hopefully, this will help you.
Kind regards,
Rene
- tmonse970Nov 01, 2023Copper Contributor
Mr_Helaas
I have been looking at this post, I have about the same issue, but I would like to add devices into a group if user is member of another group. I have been trying to use this user.memberof -any (group.objectId -in ['groupId', 'groupId']) But not sure If I can mix a lookup of users into a dynamic device group - adrian-erwJun 05, 2023Copper Contributor
Mr_Helaas From my findings this only shows the Windows enrolled devices, not the mobile 'iphone' or 'Android' devices. Is there something I am doing wrong?
- Mr_HelaasJun 07, 2023Steel Contributor
Hi adrian-erw, what dynamic query are you using?