Currently devices on the Windows Server platform don’t support mobile device management (MDM) and can’t enroll in Intune. With the Microsoft Defender for Endpoint Security Management feature, Windows Servers can receive security management policies from Intune as outlined in Use Intune to manage Microsoft Defender for Endpoint Security on devices not enrolled with Microsoft....
Today, Windows Servers are labeled as “Windows” for the attributes that refer to its operating system (OS) platform. This non-specific label makes it difficult to manage these devices when it comes to granular visibility and targeting. Keep reading to see how we’re making improvements and what actions you may need to take.
How this works
As part of Intune’s May (2305) service-side release, you can expect Windows Server devices that currently display as “Windows” to update to “Windows Server” as the OS platform.
This allows customers to view and filter against Windows Servers in reporting as well as create groups of devices that contain only Windows Servers or exclusively Windows clients for targeting.
What changes can you expect?
Windows Server devices will show up as “Windows Server” rather than “Windows” for the OS platform attribute. This change applies to Intune, Microsoft Defender for Endpoint, and Azure Active Directory (Azure AD).
For example, the All Devices list in Azure AD:
A screenshot of the All devices pane in Azure Active Directory.
For example, the All Devices list in Intune:
A screenshot of the All devices pane in the Microsoft Intune admin center.
In addition to the existing “Windows” deviceType, a new value “Windows Server” will be introduced for deviceType.
This will apply to the following device platforms:
- Windows 10 Professional/Enterprise (with KB5006738).
- Windows 11 Professional/Enterprise.
What should customers do to prepare for the change?
If you have Windows Server devices configured in your tenant, expect the OS platform to update to “Windows Server” in your reporting views.
If you have any custom scripts that refer specifically to the Windows platform, they will not include the new “Windows Server” value for the deviceType and will need to be updated.
If you’re using Azure AD dynamic device groups with specified rules that reference “Windows,” this will now exclude Windows Servers. Look to update the dynamic group rules to include Windows Servers specifically. For example, if you have rules that use the “equals” or “not equals” operator, then you must explicitly update the rule to reference “Windows Server.” If you have rules that use the “contains” or “like” operator, then the rule won’t be impacted.
Let us know if you have any additional questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.