Forum Discussion
dynamic group based on domain join type
- Jun 13, 2022
PatrickF11 Well, this is supported and available!
You can create Azure AD dynamic device groups based on Hybrid Azure AD Join and Azure AD Join. This is using the DeviceTrustType attribute. I have put across some more points and validation details etc. here: Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD.
Go to: (Intune\Devices\Device Categories)
(https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/deviceCategories)
Create a category named "AAD Joined Devices"
Go to: (Intune\Groups)
(https://endpoint.microsoft.com/#blade/Microsoft_AAD_IAM/GroupsManagementMenuBlade/AllGroups)
Create a DYNAMIC group called "AAD Joined Devices" and add an expression where "Device Category" equals a value of "AAD Joined Devices"
Devices will need to have their Device Category changed to "AAD Joined Devices" manually.
Hope this helps!
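The two approaches above side by side, as an added example that is not part of the original post: a dynamic membership rule keyed on the directory-populated deviceTrustType (set by the join itself, so a user picking the wrong category at enrollment cannot land a BYOD device in the group), and the manual Device Category rule from the steps. Microsoft Graph PowerShell (Microsoft.Graph.Groups and Microsoft.Graph.Identity.DirectoryManagement) with Group.ReadWrite.All and Device.Read.All consent is assumed; the group display names and the New-DynamicDeviceGroup helper are this example's own choices.

```powershell
# Added example, not code from the thread. Creates dynamic device groups with
# Microsoft Graph PowerShell and compares the trust-type group against the directory.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "Device.Read.All"

# Rules keyed on the trust type the join writes into the device object.
# Accepted values: "AzureAD" (Azure AD joined), "ServerAD" (hybrid joined),
# "Workplace" (Azure AD registered / BYOD).
$joinedRule   = '(device.deviceTrustType -eq "AzureAD")'
$hybridRule   = '(device.deviceTrustType -eq "ServerAD")'
# The manual alternative from the post: match the category an admin set (or a user chose).
$categoryRule = '(device.deviceCategory -eq "AAD Joined Devices")'

function New-DynamicDeviceGroup {
    # Helper name is this example's own (assumption), wraps New-MgGroup.
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $MembershipRule
    )
    # MailNickname must be unique and contain no spaces; derive it from the display name.
    $nick = $DisplayName -replace '[^A-Za-z0-9]', ''
    New-MgGroup -DisplayName $DisplayName `
        -MailEnabled:$false -MailNickname $nick -SecurityEnabled `
        -GroupTypes @("DynamicMembership") `
        -MembershipRule $MembershipRule `
        -MembershipRuleProcessingState "On"
}

$aadJoined = New-DynamicDeviceGroup -DisplayName "AAD Joined Devices (trust type)" -MembershipRule $joinedRule
$hybrid    = New-DynamicDeviceGroup -DisplayName "Hybrid Joined Devices"            -MembershipRule $hybridRule
$byCat     = New-DynamicDeviceGroup -DisplayName "AAD Joined Devices (category)"   -MembershipRule $categoryRule

# Validation: dynamic membership is evaluated asynchronously, so run this after the
# group's processing has completed. Filter client-side on TrustType (values are
# "AzureAd", "ServerAd", "Workplace" on the device object) and compare counts.
$directoryCount = (Get-MgDevice -All | Where-Object TrustType -eq 'AzureAd').Count
$groupCount     = (Get-MgGroupMember -GroupId $aadJoined.Id -All).Count
"Azure AD joined: directory={0} group={1}" -f $directoryCount, $groupCount

# Devices in the category-based group whose trust type is not AzureAd were
# mis-categorised (for example a BYOD phone whose user picked the wrong category).
Get-MgGroupMember -GroupId $byCat.Id -All | ForEach-Object {
    $d = Get-MgDevice -DeviceId $_.Id
    if ($d.TrustType -ne 'AzureAd') { "Mis-categorised: {0} ({1})" -f $d.DisplayName, $d.TrustType }
}
```

If the two counts differ after processing has finished, check the rule text in the portal first; a typo in the value string silently yields an empty group rather than an error.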
- PatrickF11 Aug 31, 2020 MCT
Thank you for your response in this topic. Just a few questions:
1. Since when do AAD joined devices automatically set their device category?
2. When using a category all my BYOD mobile devices are going to be asked to choose a category. That's why I don't like them that much. (e.g. iOS enrollment with Company Portal app)
- mseger Aug 31, 2020 Copper Contributor
Hey there Patrick,
I see the confusion, I fixed my earlier post so others don't get confused. I posted that when I was in the middle of testing everything and forgot to go back and change my post with the correct information I found after I was finished testing.
Sorry about that!
1. They don't. I manually change the AAD Joined devices "Device Category". Annoying for sure but it's the only way I've found to get all the AAD Joined devices into a group so I can apply policies only to those devices.
2. Correct, they will be asked to choose a category. I created a "more obvious" category called "Phones and Tablets" for them to choose so those BYOD devices (hopefully) don't end up in the "AAD Joined Devices" category. Not the most elegant solution but so far it's working. If a user chooses the wrong category I'll find it eventually when looking at the "AAD Joined Devices" group and can correct it then. My custom policies are only for Windows 10 so the phones and tablets, even if in the wrong group, won't apply those policies anyway.
Give me a shout if you have any more questions! Have a great day!
Matt