Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Feb 06, 2020

Users with Multiple Devices - Groups Best Practice

Hi All   Say a user has multiple devices like so:   Windows 10 laptop iOS Personal phone iOS DEP / Corp phone Android Enterprise Work Profile Android Enterprise COFM MacOS   Is it best to ...
Intune
Mobile Device Management (MDM)
  • MahmoudAtallah's avatar
    MahmoudAtallah
    Feb 08, 2020

    Hi StuartK73 , 

     

    I had the same scenario for one of our customers, in that case, what I would suggest,

     

    Just create a Dynamic Groups.

    Example:

     

    Windows 10 laptop 

    • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Company")
    • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Personal")

    iOS Personal phone

    • (device.deviceOwnership-eq "Personal") 

    iOS DEP / Corp phone 

    • (device.enrollmentProfileName -eq "DEP iPhones") 

    Android Enterprise Work Profile 

    • (device.deviceOSType -contains "AndroidEnterprise")
    • (device.deviceOSType -eq "AndroidForWork")

    MacOS

    • (device.deviceModel -eq "iPad Air")

     

    And then simply create your Intune Management Profiles and Categories based on those created groups. 

     

    And don't forget to benefit of using device categories.  

     

     

     

MahmoudAtallah's avatar
MahmoudAtallah
Brass Contributor

Hi StuartK73 , 

 

I had the same scenario for one of our customers, in that case, what I would suggest,

 

Just create a Dynamic Groups.

Example:

 

Windows 10 laptop 

  • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Company")
  • (device.deviceOSVersion -startsWith "10.0") and (device.deviceOwnership -eq "Personal")

iOS Personal phone

  • (device.deviceOwnership-eq "Personal") 

iOS DEP / Corp phone 

  • (device.enrollmentProfileName -eq "DEP iPhones") 

Android Enterprise Work Profile 

  • (device.deviceOSType -contains "AndroidEnterprise")
  • (device.deviceOSType -eq "AndroidForWork")

MacOS

  • (device.deviceModel -eq "iPad Air")

 

And then simply create your Intune Management Profiles and Categories based on those created groups. 

 

And don't forget to benefit of using device categories.  

 

 

 

StuartK73's avatar
StuartK73
Iron Contributor
Feb 08, 2020

MahmoudAtallah 

 

Hi Buddy

 

Thanks very much for the device queries per OS, very useful.

 

Can you please recheck the queries on:

 

AE Corp Owned Fully Managed

iOS Personal

 

Stuart

  • MahmoudAtallah's avatar
    MahmoudAtallah
    Brass Contributor
    Feb 09, 2020

    StuartK73 

     

    As the best approach is to create device categories,  by using the deviceCategory attribute. For example: device.deviceCategory -eq “Personal Device“.

    When users of iOS and Android devices enroll their device, they must choose a category from the list of categories you configured. After they choose a category and finish enrollment, their device is added to the Intune device group, or the Active Directory security group that corresponds with the category they chose.

Resources