Ryan Morash

I found an article which talked about how devices enrolled using this method are tagged with an enrollmentProfileName set to "OfflineAutopilotprofile-<ZtdCorrelationId found in the JSON>", making for an advanced (and ugly) dynamic query like this:
(device.devicePhysicalIds -any _ -eq "[OrderID]:LabPC") -or (device.enrollmentProfileName -eq "OfflineAutopilotprofile-55513afc-7589-454d-8b56-847059775816")
For some reason, this mysteriously worked for me on my first try. However, every attempt since has failed to be added to the expected group, and I am not sure that, if it were to be added to the correct group, it would happen soon enough to be assigned the correct Enrollment Profile.
I suspect that during my initial experimentation, I had accidentally made the expected Enrollment Profile function as the default. I know that the article is partially true, as my first device is listed in a dynamic group having the following query:
(device.enrollmentProfileName -eq "OfflineAutopilotprofile-55513afc-7589-454d-8b56-847059775816")
Now, I am trying to figure out how to "see" the device.enrollmentProfileName value on a device. It doesn't seem to come back when using Get-AzureADDevice in the AzureAD module, nor Get-AutoPilotImportedDevice in the WindowsAutopilotIntune module. Sure wish there was a detailed device view/export in the web GUI.