Forum Discussion
Divide iOS devices for Compliance
Hi,
Has anyone worked out a dynamic query that can group iOS devices into two groups, one that supports iOS 16 and one that does not?
My goal is to apply two Intune compliance policies for minimum version. And my challenge is that the device model attribute does not show device generation.
Thanks!
- Jan Bakker (Iron Contributor)
nhtkid Have you tried filters?
Supported filter device properties and operators in Microsoft Intune | Microsoft Learn
- nhtkid (Iron Contributor)
Hi Jan,
This is not what I am doing.
There will be iPads that are not yet updated to iOS 16 but are capable of doing so, as outlined in Apple's iOS 16 compatibility guide. I cannot use the OS filter. I need to identify these iPad devices and set a minimum version compliance to iOS 16.
There are also older iPads that are older models and won't support iOS 16. I will need to group them and set a min OS compliance to iOS 15.7.
- KurtBMayer (Steel Contributor)
I don't think there's a query filter that will provide information on what devices "support upgrade" to iOS 16. It can only look at if the device is already on that version or not.
You can still keep your Compliance Policy global at 15.7 as the minimum supported version, which would block all lesser versions but allow those above on 16. There isn't often a need to have different compliance policies by version, so it may be simpler to just settle on the least common denominator.
The only other way to separate them is to put the "old" iOS devices into a static collection and "exclude" that group from the "newer version" compliance policy (and vice versa). But you'd still have to determine some distinguishing characteristic to identify the devices unable to upgrade and manually put them into the static collection. The Model attribute seems to be the only viable way to do it with dynamic device groups.
But there is the Product Name information under Hardware in Intune, which breaks it down in a bit further granularity per https://gist.github.com/adamawolf/3048717. Perhaps the Azure AD PowerShell module or Graph API could be used to pull that info and add the device to a static collection as a workaround.
Please like or mark this thread as answered if it's helpful, thanks!
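The workaround from the last reply (use the hardware Product Name to decide which static group a device belongs in), sketched as an added example that is not part of the original thread. The field names `deviceName` and `productName`, the bucket names and the generation thresholds are assumptions; devices whose identifier cannot be parsed go to a review bucket rather than into either policy group.

```python
import re

# Assumed thresholds: lowest hardware-identifier generation per family that can
# run iOS/iPadOS 16 (iPhone10,x = iPhone 8 / X, iPad6,x = iPad 5th gen and the
# first iPad Pro models). Check them against Apple's compatibility guide.
MIN_MAJOR_FOR_16 = {"iPhone": 10, "iPad": 6}
IDENTIFIER = re.compile(r"^(iPhone|iPad)(\d+),(\d+)$")


def classify(product_name):
    """Map one hardware identifier to 'ios16-capable', 'legacy' or 'review'."""
    match = IDENTIFIER.match((product_name or "").strip())
    if not match:
        # Marketing names ("iPad"), blanks and unknown families cannot be
        # judged; send them to manual review instead of guessing a group.
        return "review"
    family, major = match.group(1), int(match.group(2))
    return "ios16-capable" if major >= MIN_MAJOR_FOR_16[family] else "legacy"


def group_devices(devices):
    """Split device records into the buckets that feed the two static groups."""
    buckets = {"ios16-capable": [], "legacy": [], "review": []}
    for device in devices:
        buckets[classify(device.get("productName"))].append(device["deviceName"])
    return buckets


# Constructed sample records; the field names deviceName and productName are
# assumptions about how the Intune hardware data was exported.
SAMPLE_DEVICES = [
    {"deviceName": "ipad-frontdesk", "productName": "iPad5,3"},
    {"deviceName": "ipad-warehouse", "productName": "iPad6,11"},
    {"deviceName": "ipad-lab", "productName": "iPad13,4"},
    {"deviceName": "iphone-oncall", "productName": "iPhone9,1"},
    {"deviceName": "iphone-sales", "productName": "iPhone12,8"},
    {"deviceName": "ipad-unknown", "productName": "iPad"},
    {"deviceName": "ipod-kiosk", "productName": None},
]

if __name__ == "__main__":
    for bucket, names in group_devices(SAMPLE_DEVICES).items():
        print(f"{bucket}: {', '.join(names)}")
```

The "ios16-capable" and "legacy" lists correspond to the two static groups each compliance policy would include or exclude; the "review" list needs a manual decision before a device lands in either.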