Apr 02 2018 03:00 AM
We are just beginning with Intune, but is it just right that you cannot ad devices in a Azure AD Group, and use a device configuration policy only for that group with devices? Or is this because you can only assign devices with associated users?
Apr 02 2018 04:50 AM
That is correct, AAD Groups contain user accounts, they don't contain devices.
Devices are managed by Registering them and then applying policies, see
https://docs.microsoft.com/en-us/azure/active-directory/device-management-introduction
Apr 03 2018 09:47 AM
If you can map the membership rules to your use case, you may be able to use Device Dynamic Groups:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-a...
We're successfully assigning configurations based upon this approach today. It takes a few minutes for the dynamic group membership to get resolved after enrolling the device in Intune, but they do eventually apply.