Apr 26 2022 07:37 AM
Apr 26 2022 07:37 AM
Is there a way to assign an azure group to a device category.
So only users that are in that azure group are able to enrol their device into that device category.
Or so users can only see the device categories that they have been given access to by the azure group(s)?
This is to tighten up the enrollment process and just making it a cleaner/quicker approach for users.
Apr 26 2022 05:52 PM
Device categories are for devices, but not for the users, but admins can give the option to users to select the device category when enrolling the device.
Is there a way to assign an azure group to a device category
Yes. You can create device categories 1st and then using Dynamic AAD Groups (Dynamic Device), create a rule to assign devices with the specific category to the group.
This will work - Or so users can only see the device categories that they have been given access to by the azure group(s)?
This can be achieved if you install Company Portal app. When they 1st open the app, they will be asked to select the Device Category. However in this case they can see all the device categories and have to select the proper one.
Once selected, the device will be assigned to the previously created AAD Dynamic device group so you can set targeted policies for that category.
Check this - Configure device categories – Modern Device Management (jannikreinhard.com)
Hope this helps.
**If you think my answer is valid, please Accept it as the solution. Thank you**
Apr 27 2022 03:36 AM
Apr 27 2022 03:48 AM
Device Categories was already in use in our intune for windows / MACs so need to setup device cats for iOS/android devices. Its also easier for users to select the cat and then the apps and wallpaper etc is deployed to them. We can then also see the device in each cat easily via the filters.
Apr 27 2022 05:08 PM
There is no Intune or Azure AD features that allow you assign a device categorie to an AzureAD group unfortunately.
There is no way today to limit a device category usage to a specific users or devices.
As mentionned by @shehanjp you can create AzureAD group with devices categories as membership rules but this will not help you because the device will join the group after the user or an IT pro added the catagory set as the group membership criteria.
Apr 27 2022 11:57 PM
Apr 28 2022 12:16 AM
@NeilPD Another way to look at this without using device categories.. Group tags can be used to tag machines from the Device Registration page. You can use different enrollment profiles as @MMelkersen_MVP mentioned that's assigned to Group Rag based Dynamic AAD Device groups.
Also same AAD groups can be used to deploy Apps and device profiles if needed.
Apr 28 2022 12:23 AM
Yeah can see how that works. Just seems odd that this function isn't in Intune.
Migrating from AirWatch MDM to Intune seems like always finding things that you would expect as standard and it not being there. Not saying that Intune is bad, but just like changing to anything new and working my way through.