cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Support Tip: Using group tags to import devices into Intune with Autopilot
By
J.C. Hornbeck
Published Aug 21 2019 08:25 AM 84.1K Views
J.C. Hornbeck
Microsoft
‎Aug 21 2019 08:25 AM

Support Tip: Using group tags to import devices into Intune with Autopilot

‎Aug 21 2019 08:25 AM

Hi everyone, today we have a post co-authored by Intune Support Escalation Engineer Saurabh Koshta and Intune Support Engineer Matt Gardner. In this post they discuss how you can use group tags to control device enrollment options via Windows Autopilot. This is a really handy feature so if you’re using Autopilot you’ll definitely want to check this out. As always, if you have any questions you can post them in the comments sections at the bottom of the page.

 

=====

 

In this post, Matt and I are going to discuss how you can use group tags to group devices together, allowing you to then specify different Autopilot enrollment options for each group of devices with the same group tag. Note that this is just one example of how you can use group tags - there are many other scenarios as well.

 

The Scenario

Contoso has obtained 100 Windows devices that will be used by Sales, Marketing, Finance and Accounting teams. Users on the Sales team will not have their devices joined to the local on-prem domain, and the users will need to be local administrators. Users on the Accounting team will be joined to the local domain and will not be local administrators on their computers.  Each team needs to have their own Autopilot deployment profile to fit their needs.

 

So how do we achieve this goal? Here is where using group tags can really help.

 

NOTE This scenario assumes the devices were obtained from a partner that provided the initial .csv file. Here is a list of participating device manufactures.

 

1. We start by modifying the .csv to add another column called Group Tag. We then we add a tag called Sales to the group of devices that will be allocated to the Sales team, a tag called Accounting to the group of devices that will be allocated to the Accounting team, etc. Here is an example:

 

jc-SK1b.png

2. The next step is to upload the device list to Intune. Please note that it is recommended you use Intune portal to upload the device list as mentioned in this article:

 

Enroll Windows devices in Intune by using the Windows Autopilot

 

As indicated in the article:

 

If you aren't interested in mobile device management, you can use Autopilot in other portals. While using other portals is an option, we recommend you only use Intune to manage your Autopilot deployments. When you use Intune and another portal, Intune isn't able to:

  • Display changes to profiles created in Intune, but edited in another portal
  • Synchronize profiles created in another portal
  • Display changes to profile assignments done in another portal
  • Synchronize profile assignments done in another portal
  • Display changes to the device list that were made in another portal

Once the .csv has been uploaded to Intune, the devices will display this same group tag information as shown in the screen shot below.

 

jc-SK1.png

3. Next we’ll create a dynamic device group and add the devices into their respective groups. Details for creating a dynamic device group can be found here, and the query for the groups that we’ll use is this:

 

(device.devicePhysicalIds -any _ -eq "[OrderID]:Sales")

 

jc-SK2.png

Once the device groups are created, we can view each one and see the members.

 

jc-SK3.png

jc-SK4.png

 

4. Now all we need to do is assign deployment profiles to each of these device groups. We won’t go into all the details of how to create and assign Windows Autopilot deployment profiles as you can get all the details of that here. Once you’ve created and assigned the deployment profiles you can verify the profile status under Device Enrollment – Windows Enrollment -> Windows Autopilot Devices. Here’s an example:

 

jc-SK7.png

That’s all there is to it. Now when these devices are powered on, each will be enrolled based on the settings of their assigned Autopilot deployment profiles.

 

Saurabh Koshta 

Intune Support Escalation Engineer | Microsoft

 

Matt Gardner

Support Engineer | Microsoft

9 Comments
Ivan Webb
Brass Contributor
‎Aug 22 2019 05:55 PM
‎Aug 22 2019 05:55 PM

Hi, What happens if the Dynamic group rules wizard in your tenant is now showing the new version with the Rules builder.  This is an issue for us the the currently published rules for dynamic groups for things like Order tags are no longer accepted as correct syntax.  Especially if the rule is compounded to be a specific order ID and a HW Model Type.
Does Microsoft plan to update the online doco to detail the new syntax required?

Sedky
Copper Contributor
‎Sep 06 2019 02:07 PM
‎Sep 06 2019 02:07 PM

This is awesome!!

0 Likes
Like
Jesse Gonzales
Copper Contributor
‎Jun 30 2020 12:03 PM
‎Jun 30 2020 12:03 PM

I like this! :lol:

0 Likes
Like
JoseFranciscoMoraBarrantes
Microsoft
‎Jun 13 2022 12:46 PM
‎Jun 13 2022 12:46 PM

For RBAC: The permission that controls the group tags in Autopilot Devices will be shown as "Sync Device" permission under Enrollment Programs.

 

Role-based access control (RBAC) with Microsoft Intune | Microsoft Docs

0 Likes
Like
MihaiR
Copper Contributor
‎Aug 19 2022 01:14 AM
‎Aug 19 2022 01:14 AM

Hello, thanks for the detailed information, I tried to follow the described steps, in an attempt to add Group Tag column. When I try to upload the csv to the autopilot devices, it returns an error ( "Incorrect headers, cannot proceed further
" ). With default columns ( no GroupTag added), the .csv loads just fine. Please advise, thank you.

0 Likes
Like
PeterLurie
Microsoft
‎Sep 12 2022 11:47 AM
‎Sep 12 2022 11:47 AM

So double check your headers, @MihaiR

The column headings are case sensitive and leading/trailing spaces do matter.  It should be "Group Tag" (with the space in the middle, but no quote marks).  Delete any trailing columns in Excel before saving the .csv.
HTH.

0 Likes
Like
Rafael_Campos
Copper Contributor
‎Oct 02 2023 09:59 AM
‎Oct 02 2023 09:59 AM

Hello! Thanks for the information!

 

Is there a way we can upload the devices without having to assign the Group Tag directly in the Partner Center?

 

Thanks in advance.


Regards

0 Likes
Like
RonS_
Copper Contributor
‎Nov 16 2023 05:19 PM
‎Nov 16 2023 05:19 PM

Mr. Microsoft - why is it that we can't get what we really want for Christmas? A process that provides a way to query to automatically add devices to Autopilot dynamic groups for profiles?  Let me be more specific.  I would like to take and query for the OrderID but also include the model in that query, so that in my example I have 3 regions and the vendor is providing an order ID unique for each.  All I want to add to my query is the MODEL name so I can separate the laptops from the desktops (should be easy since I can SEEEEEEEE that information once the hash is imported into Intune.. but NOOOOO!)  What is up with this?  What am I missing?  If Intune can show the model name in the Windows Autopilot devices view, what query am I missing to call that into a dynamic group??  I should add.. I confirmed that I can query and create a dynamic group based on the order information as I stated.. but not able to find any query for the model (or HW type perhaps?).  Additionally, client may incur an additional cost to have the vendor add a Group Tag prior to shipping - so this would mean us manually identifying 1000+ computers by adding the tags in Intune.  THIS ... is not modern, or automated.  seriously 

0 Likes
Like
Simon_Aebi
Copper Contributor
‎Feb 01 2024 01:10 AM
‎Feb 01 2024 01:10 AM

This does not work anymore, if you use Excel, the upload will not work, see here: https://learn.microsoft.com/de-ch/autopilot/add-devices (in the "important" field)

0 Likes
Like
Co-Authors
Version history
Last update:
‎Dec 19 2023 01:20 PM
Updated by: