StuartK73
Feb 06, 2020

Users with Multiple Devices - Groups Best Practice

Hi All

 

Say a user has multiple devices like so:

 

Windows 10 laptop

iOS Personal phone

iOS DEP / Corp phone

Android Enterprise Work Profile

Android Enterprise COFM

MacOS

 

Is it best to create ONE group for policies, apps etc or create a group per OS?

 

Info appreciated

  • Hi StuartK73,

    I had the same scenario for one of our customers. In that case, what I would suggest:

    Just create Dynamic Groups.

    Example:

     

    Windows 10 laptop 

    • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Company")
    • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Personal")

    iOS Personal phone

    • (device.deviceOwnership -eq "Personal")

    iOS DEP / Corp phone 

    • (device.enrollmentProfileName -eq "DEP iPhones") 

    Android Enterprise Work Profile 

    • (device.deviceOSType -contains "AndroidEnterprise")
    • (device.deviceOSType -eq "AndroidForWork")

    MacOS

    • (device.deviceModel -eq "iPad Air")

     

    And then simply create your Intune Management Profiles and Categories based on those created groups. 

     

    And don't forget to benefit from using device categories.
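
Before assigning policies to groups like these, it helps to check which devices each rule actually captures. The following is an added example, not part of the thread: it evaluates the rules from the answer against constructed device records using a simplified local model of the rule operators (case-insensitive string comparison, `-contains` as a substring match), and the device names and property values are assumptions made for illustration.

```python
import re

# Rules as posted in the answer above.
RULES = {
    "Windows 10 (Company)": '(device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Company")',
    "Windows 10 (Personal)": '(device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Personal")',
    "iOS Personal": '(device.deviceOwnership -eq "Personal")',
    "iOS DEP / Corp": '(device.enrollmentProfileName -eq "DEP iPhones")',
    "Android (AndroidEnterprise)": '(device.deviceOSType -contains "AndroidEnterprise")',
    "Android (AndroidForWork)": '(device.deviceOSType -eq "AndroidForWork")',
    "MacOS": '(device.deviceModel -eq "iPad Air")',
}

# Constructed sample devices, one per device type listed in the question.
DEVICES = {
    "win10-laptop": {"deviceOSType": "Windows", "deviceOSVersion": "10.0.19045.3803", "deviceOwnership": "Company"},
    "ios-personal": {"deviceOSType": "iPhone", "deviceOSVersion": "17.2", "deviceOwnership": "Personal"},
    "ios-dep": {"deviceOSType": "iPhone", "deviceOSVersion": "17.2", "deviceOwnership": "Company", "enrollmentProfileName": "DEP iPhones"},
    "android-work-profile": {"deviceOSType": "AndroidForWork", "deviceOSVersion": "14", "deviceOwnership": "Personal"},
    "android-cofm": {"deviceOSType": "AndroidEnterprise", "deviceOSVersion": "14", "deviceOwnership": "Company"},
    "macbook": {"deviceOSType": "MacMDM", "deviceOSVersion": "14.2", "deviceOwnership": "Company", "deviceModel": "MacBook Pro"},
}

# Simplified model (assumption): inputs are lowercased before comparison,
# -contains is a substring match, a missing property is an empty string.
OPS = {
    "eq": lambda a, b: a == b,
    "startswith": lambda a, b: a.startswith(b),
    "contains": lambda a, b: b in a,
}
CLAUSE = re.compile(r'\(device\.(\w+)\s+-(\w+)\s+"([^"]*)"\)')

def matches(rule, device):
    """True when every clause of an and-joined rule holds for the device."""
    clauses = CLAUSE.findall(rule)
    return bool(clauses) and all(
        OPS[op.lower()](device.get(prop, "").lower(), value.lower())
        for prop, op, value in clauses
    )

def audit(rules=RULES, devices=DEVICES):
    """Map each device name to the groups whose rule it satisfies."""
    return {name: [g for g, r in rules.items() if matches(r, dev)]
            for name, dev in devices.items()}

if __name__ == "__main__":
    for name, groups in audit().items():
        status = "OK" if len(groups) == 1 else "REVIEW"
        print(f"{status:6} {name:22} -> {groups}")
```

A device flagged REVIEW lands in more than one group or in none, so it would receive either every policy assigned to those groups or no policy at all.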

     

     

     

5 Replies


    • StuartK73

      MahmoudAtallah 

       

      Hi Buddy

       

      Thanks very much for the device queries per OS, very useful.

       

      Can you please recheck the queries on:

       

      AE Corp Owned Fully Managed

      iOS Personal

       

      Stuart

      • StuartK73 

         

        The best approach is to create device categories by using the deviceCategory attribute. For example: device.deviceCategory -eq "Personal Device".

        When users of iOS and Android devices enroll their device, they must choose a category from the list of categories you configured. After they choose a category and finish enrollment, their device is added to the Intune device group, or the Active Directory security group that corresponds with the category they chose.

  • Thijs Lecomte
    This is really dependent on the settings you specify per device.

    Do you push different settings to personal/corporate devices?
