Hi everyone, today we have a post co-authored by Intune Support Escalation Engineer Saurabh Koshta and Intune Support Engineer Matt Gardner. In this post they discuss how you can use group tags to control device enrollment options via Windows Autopilot. This is a really handy feature so if you’re using Autopilot you’ll definitely want to check this out. As always, if you have any questions you can post them in the comments sections at the bottom of the page.
=====
In this post, Matt and I are going to discuss how you can use group tags to group devices together, allowing you to then specify different Autopilot enrollment options for each group of devices with the same group tag. Note that this is just one example of how you can use group tags - there are many other scenarios as well.
The Scenario
Contoso has obtained 100 Windows devices that will be used by Sales, Marketing, Finance and Accounting teams. Users on the Sales team will not have their devices joined to the local on-prem domain, and the users will need to be local administrators. Users on the Accounting team will be joined to the local domain and will not be local administrators on their computers. Each team needs to have their own Autopilot deployment profile to fit their needs.
So how do we achieve this goal? Here is where using group tags can really help.
NOTE This scenario assumes the devices were obtained from a partner that provided the initial .csv file. Here is a list of participating device manufactures.
1. We start by modifying the .csv to add another column called Group Tag. We then we add a tag called Sales to the group of devices that will be allocated to the Sales team, a tag called Accounting to the group of devices that will be allocated to the Accounting team, etc. Here is an example:
2. The next step is to upload the device list to Intune. Please note that it is recommended you use Intune portal to upload the device list as mentioned in this article:
Enroll Windows devices in Intune by using the Windows Autopilot
As indicated in the article:
If you aren't interested in mobile device management, you can use Autopilot in other portals. While using other portals is an option, we recommend you only use Intune to manage your Autopilot deployments. When you use Intune and another portal, Intune isn't able to:
Once the .csv has been uploaded to Intune, the devices will display this same group tag information as shown in the screen shot below.
3. Next we’ll create a dynamic device group and add the devices into their respective groups. Details for creating a dynamic device group can be found here, and the query for the groups that we’ll use is this:
(device.devicePhysicalIds -any _ -eq "[OrderID]:Sales")
Once the device groups are created, we can view each one and see the members.
4. Now all we need to do is assign deployment profiles to each of these device groups. We won’t go into all the details of how to create and assign Windows Autopilot deployment profiles as you can get all the details of that here. Once you’ve created and assigned the deployment profiles you can verify the profile status under Device Enrollment – Windows Enrollment -> Windows Autopilot Devices. Here’s an example:
That’s all there is to it. Now when these devices are powered on, each will be enrolled based on the settings of their assigned Autopilot deployment profiles.
Saurabh Koshta
Intune Support Escalation Engineer | Microsoft
Matt Gardner
Support Engineer | Microsoft
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.