Self Deployment vs User Deployment

New Contributor



I have two kinds of computers, Kiosks and User machines.

All Kiosks have Chrome, and some other programs.

User Machines has everything a Kiosk has, and some additional software.


How do I separate and distinguish them? I created two dynamic groups (but both have (device.devicePhysicalIds -any "_ -contains "[ZTDId]"))


I need all Kiosks going to by Deployment Profile for Kiosks and All users going to my User Driven Deployment.


3 Replies

Hey @anon1m0us1,


typically Kiosk or Shared devices are imported with a special Group Tag and a dynamic query does query for the specific group tag e.g. 

(device.devicePhysicalIds -any _ –startsWith “[OrderID]:MyKioskDevicesTag”)


So, you could easily use your existing dynamic group with (device.devicePhysicalIds -any "_ -contains "[ZTDId]")) for your users Autopilot profile and exclude your new dynamic groups in the user profile and finally use the new dynamic group as include for your Kiosk Autopilot profile.


See here some good info about group tag: Fun with Windows Autopilot Group Tags – Out of Office Hours (




So would the profile ZID automatically not include th devices with the Tags of Kiosks?

For now, i created 3 profiles.
1) Kiosks
2) Shared computer
3) A user computer

Is that a efficient way of doing it?
1) Kiosks only get One screen with autologon
2) Shared computer has a generic local logon but users can browse to OWA but no office tools installed.
3) user computer gets Office Installed

Hey @anon1m0us1,


go for whatever fits best for you. I personally work with exclude groups. I create a dynamic group to group for all kiosk devices and these I exclude on my standard user profile. This way I don't need to modify my standard user dynamic query to exclude something within the query itself, I just add the exclude group. Same then again for shared devices.