Help creating Dynamic Group rule in Intune

Copper Contributor

I have been asked to remove a required Android application to only new enrolled Android Enterprise Fully Managed device in Intune. Currently, this application is deployed as required to all user. I need to create an exclusion group and I was thinking to create a dynamic group and use a rule that would include new enrolled devices only so I can apply this group an exclusion on the affected application.
Is that would be possible?
Any help would be appreciated.




2 Replies


You could deploy to a dynamic group based on a query like this:


device.enrollmentProfileName -eq "Android - Corporate-owned devices with work profile") and (device.deviceOSType -eq "AndroidEnterprise")

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.

If one of the posts was helpful in other ways, please consider giving it a Like.

Hi Harm_Veenstra ,
The rule that you have advised will show me all the Android devices currently enrolled in Intune but because this is a process that needs to be happening gradually we want to start only with the new enrolled Android devices so I can exclude them from the application (Google Chrome app) that is currently assigned to all Users.
I have find a solution that maybe is working for my purpose below:

(device.displayName -contains "_11/") and (device.displayName -contains "/2023_") or (device.displayName -contains "_12/") and (device.displayName -contains "/2023_") or (device.displayName -contains "/2024_") or (device.displayName -contains "/2025_") or (device.displayName -contains "/2026_") or (device.displayName -contains "/2027_") or (device.displayName -contains "/2028_") or (device.displayName -contains "/2029_") or (device.displayName -contains "/2030_")

This Rule syntax will show me all the new enrolled devices from the 1st November 2023 to the end of December 2030. This with the hope that all the current Android Enterprise devices will be replaced by then and we can force the Uninstall of Google Chrome to all users, is not ideally because I need to keep monitoring it but it will do the job for the moment.