Forum Discussion
dynamic group based on domain join type
PatrickF11 Well, this is supported and available!
You can create Azure AD dynamic device groups based on Hybrid Azure AD Join and Azure AD Join. This is using the DeviceTrustType attribute. I have put across some more points and validation details etcCreate AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD.
Are these devices of the same OS?
We have a dynamic group that targets all Windows 10 devices..
You could also do this by Model number, but this would need updating every time a new model is introduced into the work place.
tweetiepie1983 No, nearly all of our devices are Win10 based devices.
Most of them are hybrid joined, but in near future more and more will do a an azure only join. (No matter which model)
That's why i think, i need a solution based on the join type.
The list of properties you can use for Devices is here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership#rules-for-devices
If nothing else, you can use the enrollmentProfileName or custom values such as deviceCategory.
Hey Guys did you ever get this figured out. I am trying to do the same thing however I want the Hybrid joind machines to autoenroll into InTune without opening InTune Enrollment to everyone. I want the auto enroll security group to be device based instead of user based.
