Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Feb 06, 2020

Users with Multiple Devices - Groups Best Practice

Hi All   Say a user has multiple devices like so:   Windows 10 laptop iOS Personal phone iOS DEP / Corp phone Android Enterprise Work Profile Android Enterprise COFM MacOS   Is it best to ...
Intune
Mobile Device Management (MDM)
  • MahmoudAtallah's avatar
    MahmoudAtallah
    Feb 08, 2020

    Hi StuartK73 , 

     

    I had the same scenario for one of our customers, in that case, what I would suggest,

     

    Just create a Dynamic Groups.

    Example:

     

    Windows 10 laptop 

    • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Company")
    • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Personal")

    iOS Personal phone

    • (device.deviceOwnership-eq "Personal") 

    iOS DEP / Corp phone 

    • (device.enrollmentProfileName -eq "DEP iPhones") 

    Android Enterprise Work Profile 

    • (device.deviceOSType -contains "AndroidEnterprise")
    • (device.deviceOSType -eq "AndroidForWork")

    MacOS

    • (device.deviceModel -eq "iPad Air")

     

    And then simply create your Intune Management Profiles and Categories based on those created groups. 

     

    And don't forget to benefit of using device categories.  

     

     

     

MahmoudAtallah's avatar
MahmoudAtallah
Brass Contributor
Feb 08, 2020

Hi StuartK73 , 

 

I had the same scenario for one of our customers, in that case, what I would suggest,

 

Just create a Dynamic Groups.

Example:

 

Windows 10 laptop 

  • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Company")
  • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Personal")

iOS Personal phone

  • (device.deviceOwnership-eq "Personal") 

iOS DEP / Corp phone 

  • (device.enrollmentProfileName -eq "DEP iPhones") 

Android Enterprise Work Profile 

  • (device.deviceOSType -contains "AndroidEnterprise")
  • (device.deviceOSType -eq "AndroidForWork")

MacOS

  • (device.deviceModel -eq "iPad Air")

 

And then simply create your Intune Management Profiles and Categories based on those created groups. 

 

And don't forget to benefit of using device categories.  

 

 

 

  • StuartK73's avatar
    StuartK73
    Iron Contributor
    Feb 08, 2020

    MahmoudAtallah 

     

    Hi Buddy

     

    Thanks very much for the device queries per OS, very useful.

     

    Can you please recheck the queries on:

     

    AE Corp Owned Fully Managed

    iOS Personal

     

    Stuart

    • MahmoudAtallah's avatar
      MahmoudAtallah
      Brass Contributor
      Feb 09, 2020

      StuartK73 

       

      As the best approach is to create device categories,  by using the deviceCategory attribute. For example: device.deviceCategory -eq “Personal Device“.

      When users of iOS and Android devices enroll their device, they must choose a category from the list of categories you configured. After they choose a category and finish enrollment, their device is added to the Intune device group, or the Active Directory security group that corresponds with the category they chose.

Resources