Forum Discussion

NeilPD's avatar
NeilPD
Copper Contributor
Apr 26, 2022

Locking Intune Device Categories by Azure groups

Is there a way to assign an azure group to a device category.

 

So only users that are in that azure group are able to enrol their device into that device category.

 

Or so users can only see the device categories that they have been given access to by the azure group(s)?

 

This is to tighten up the enrollment process and just making it a cleaner/quicker approach for users.

Intune

8 Replies

  • e-aldo's avatar
    e-aldo
    Iron Contributor
    Apr 28, 2022

    Hi NeilPD,

     

    There is no Intune or Azure AD features that allow you assign a device categorie to an AzureAD group unfortunately.

    There is no way today to limit a device category usage to a specific users or devices.

     

    As mentionned by shehanjp you can create AzureAD group with devices categories as membership rules but this will not help you because the device will join the group after the user or an IT pro added the catagory set as the group membership criteria.

     

    Thanks

    • NeilPD's avatar
      NeilPD
      Copper Contributor
      Apr 28, 2022
      Hi,
      Yeah that is what I was thinking, shame. Thanks for clearing it up.
  • MMelkersen_MVP's avatar
    MMelkersen_MVP
    Brass Contributor
    Apr 27, 2022
    I would not recommend use device categories. If you need to find devices and add them to a dynamic AAD group, then find other attributes you can use to this.

    Can you tell more about what you want to achieve?
    • NeilPD's avatar
      NeilPD
      Copper Contributor
      Apr 27, 2022

      MMelkersen_MVP 

      Device Categories was already in use in our intune for windows / MACs so need to setup device cats for iOS/android devices. Its also easier for users to select the cat and then the apps and wallpaper etc is deployed to them. We can then also see the device in each cat easily via the filters.

      • MMelkersen_MVP's avatar
        MMelkersen_MVP
        Brass Contributor
        Apr 28, 2022
        ok, but what if they choose wrong category then?
        Why not use different enrollment profiles and then filter your apps and policies on that in Intune? your deployments will be much faster and more reliable.
  • shehanjp's avatar
    shehanjp
    Iron Contributor
    Apr 27, 2022

    NeilPD 

     

    Hi,

     

    Device categories are for devices, but not for the users, but admins can give the option to users to select the device category when enrolling the device.

     

    Is there a way to assign an azure group to a device category

    Yes. You can create device categories 1st and then using Dynamic AAD Groups (Dynamic Device), create a rule to assign devices with the specific category to the group.

    Check this - https://docs.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping

     

    This will work - Or so users can only see the device categories that they have been given access to by the azure group(s)?

    This can be achieved if you install Company Portal app. When they 1st open the app, they will be asked to select the Device Category. However in this case they can see all the device categories and have to select the proper one.

    Once selected, the device will be assigned to the previously created AAD Dynamic device group so you can set targeted policies for that category.
    Check this - https://jannikreinhard.com/2021/07/18/configure-device-categories/

     

    Hope this helps.

    Thanks you.

     

    **If you think my answer is valid, please Accept it as the solution. Thank you**

     

Resources