Aug 09 2022 11:44 AM
Is there a way to create a dynamic device group based off of which user enrolled the device? For example, I have an admin account that enrolled a bunch of kiosk machines, and I want the group to consist of all the devices that were enrolled by that account. (It might just be me being dense, but I can't for the life of me figure out how to do this based off Microsoft's documentation.)
Aug 10 2022 12:13 AM
Aug 20 2022 12:56 PM - edited Aug 20 2022 01:21 PM
Solution
Hi @skythrock,
From my understanding, it wasn't possible to create a dynamic group based on which users enrolled the device into Azure AD. But I did some research via the Graph API and I have found a solution: the physicalIds field in Azure AD contains USER-GID information. So this means that you can build a dynamic query on that.
So, you have all the needed information, and you can create a dynamic group with the following dynamic query, and you will get all Azure AD devices that have been enrolled with your admin account.
device.devicePhysicalIDs -any _ -contains "[USER-HWID]:<ID of your Admin account>"
OR
device.devicePhysicalIDs -any _ -contains "[USER-GID]:<ID of your Admin account>"
Hopefully, this will help you.
Kind regards,
Rene
Aug 22 2022 09:22 AM
@Mr_Helaas This is exactly what I was looking for! Thanks for your response.
May 09 2023 08:22 AM
Jun 05 2023 03:49 AM
@Mr_Helaas From my findings, this only shows the Windows enrolled devices, not the mobile 'iPhone' or 'Android' devices. Is there something I am doing wrong?
Jun 07 2023 07:36 AM
Hi @adrian-erw, what dynamic query are you using?
Nov 01 2023 06:27 AM
@Mr_Helaas
I have been looking at this post. I have about the same issue, but I would like to add devices into a group if the user is a member of another group. I have been trying to use this:
user.memberof -any (group.objectId -in ['groupId', 'groupId'])
But I am not sure if I can mix a lookup of users into a dynamic device group.
Nov 05 2023 08:47 AM - edited Nov 05 2023 08:47 AM
Hi @tmonse970
Unfortunately, that is not possible without automation. You can't get the devices of the users who are part of a group. I have done this before with a Logic App and the Graph API.
Nov 09 2023 12:54 AM - edited Nov 09 2023 12:54 AM
@Mr_Helaas Is there any chance that you could share how you approached that? Even just a basic framework and I can work out the finer details?
I have a testing user group, and I'd like to create a group that mirrors it but contains those users' primary devices.
Nov 10 2023 11:00 AM
@Dannymac223 We are using Runbooks in an Azure Automation account to resolve this issue.
Nov 11 2023 05:13 AM
Nov 13 2023 03:01 AM
@Mr_Helaas That would be great.
Nov 13 2023 03:07 AM
Jun 25 2024 10:12 AM
@Mr_Helaas I would greatly appreciate this blog post as well. Without device affinity in Intune (very stupid), being able to make groups like this would be extremely helpful.
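A runbook framework for the automation approach discussed in this thread, added as an example and not code from any participant: it mirrors the Entra ID registered devices of a user group's members into a device group and removes devices that no longer belong. The parameter names, the use of registered devices as the user-to-device link, and the managed identity's Graph permissions are assumptions.

```powershell
# Added example: sync the devices of a user group's members into a device group.
# Assumptions: the Microsoft.Graph modules are imported in the Automation account, and
# its managed identity holds GroupMember.ReadWrite.All, User.Read.All and Device.Read.All.
param(
    [Parameter(Mandatory)] [string] $UserGroupId,    # source group containing users
    [Parameter(Mandatory)] [string] $DeviceGroupId,  # target group (assigned membership)
    [switch] $Apply                                  # without -Apply, only report the diff
)

# Authenticate as the Automation account's managed identity (no stored credentials).
Connect-MgGraph -Identity | Out-Null

# Desired state: every device registered to a user who is a direct member of the source group.
$desired = [System.Collections.Generic.HashSet[string]]::new()
$users = Get-MgGroupMember -GroupId $UserGroupId -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }
foreach ($user in $users) {
    Get-MgUserRegisteredDevice -UserId $user.Id -All |
        ForEach-Object { [void]$desired.Add($_.Id) }
}

# Current state: device objects that are already members of the target group.
$current = [System.Collections.Generic.HashSet[string]]::new()
Get-MgGroupMember -GroupId $DeviceGroupId -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.device' } |
    ForEach-Object { [void]$current.Add($_.Id) }

# Compute the difference so each run only touches what changed.
$toAdd    = @($desired | Where-Object { -not $current.Contains($_) })
$toRemove = @($current | Where-Object { -not $desired.Contains($_) })
Write-Output "Devices to add: $($toAdd.Count); devices to remove: $($toRemove.Count)"

if ($Apply) {
    foreach ($id in $toAdd) {
        New-MgGroupMember -GroupId $DeviceGroupId -DirectoryObjectId $id
    }
    foreach ($id in $toRemove) {
        # Plain REST call: DELETE /groups/{id}/members/{id}/$ref removes one member.
        $uri = "https://graph.microsoft.com/v1.0/groups/$DeviceGroupId/members/$id/`$ref"
        Invoke-MgGraphRequest -Method DELETE -Uri $uri
    }
}
```

The target has to be a security group with assigned membership, because members cannot be added by hand to a dynamic group. Run it once without -Apply to review the planned changes before letting it write.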