Blog
Intune Training: Creating Device Categories and Dynamic Device Groups
Intune Training: Creating Device Categories and Dynamic Device Groups
Microsoft InTune is a powerful tool that allows you to easily manage and group devices. One of the key features of InTune is the ability to create device categories, which can then be used to create dynamic Azure security groups. This allows you to assign appropriate policies and applications to devices based on their category.
Creating Device Categories in Microsoft InTune
To create a device category in Microsoft InTune, you’ll need to access the Microsoft Endpoint Manager Admin Center. Simply log in to the admin center using the URL “https://endpoint.microsoft.com”. Once logged in, navigate to the “Devices” section and scroll down to “Device Categories”. Here, you can click on “Create Device Category” to add a new category.
When creating a device category, you’ll need to provide a name and an optional description. For example, you could create a category called “HR” for devices belonging to the HR department. After creating the category, you can see a confirmation message indicating that the device category has been successfully created.
Creating Dynamic Device Groups based on Device Categories
Once you have created a device category, you can use it to create dynamic device groups in Azure Active Directory. Dynamic device groups automatically add devices to the group based on their category. To create a dynamic device group, navigate to the “Groups” section in the Microsoft Endpoint Manager Admin Center and click on “New Group”.
When creating the group, make sure to select the group type as “Security” and enter a name and description for the group. In the membership type dropdown menu, select “Dynamic devices”. This will allow you to define a rule based on the device category.
To define the rule, click on “Add Dynamic Query” and select “Device Category” as the property. Set the operator to “equals” and enter the name of the device category as the value. For example, if the category is “HR”, enter “HR” as the value.
After defining the rule, click on “Create” to initiate the creation of the dynamic device group. You will see a confirmation message indicating that the group has been successfully created. Keep in mind that it may take up to 24 hours for the dynamic group membership to update.
Enrolling Devices and Selecting Device Categories
To assign devices to the correct device category, you’ll need to enroll them in Microsoft InTune using the company portal application. During the enrollment process, users will be prompted to choose the device category. Let’s go through the steps of enrolling a Windows 11 computer and selecting the device category.
First, open the Microsoft Store on the Windows 11 computer and search for the “Company Portal” application. Install the application and launch it. Enter your username and password to sign in. Make sure to select “Allow my organization to manage my device”. You will then be prompted to set up a PIN for additional security.
Next, you will be asked to choose the device category. Select the appropriate category based on the options provided. For example, if the device belongs to the HR department, select the “HR” category. Click on “Done” to complete the enrollment process.
After enrolling the device, you can confirm that it has been assigned to the correct device category by navigating to the “Devices” section in the Microsoft Endpoint Manager Admin Center. You should see the device listed with its assigned category.
Verifying Dynamic Group Membership
Once you have created a dynamic device group based on a device category, you can verify its membership. Keep in mind that it may take some time for the membership to update, so be patient.
To check the membership of a dynamic group, navigate to the “Groups” section in the Microsoft Endpoint Manager Admin Center and click on the group you created. Under the “Manage” section, click on “Members”. Here, you should see a list of devices that have been automatically added to the group based on the device category.
By utilizing device categories and dynamic device groups in Microsoft InTune, you can easily manage and assign policies to devices based on their category. This allows for more efficient device management and ensures that devices receive the appropriate policies and applications.
Thank you for reading this blog on Intune training. If you have any questions or need further assistance, please feel free to reach out. Have a nice day!
Intune Training Demo
Â
Join our Intune WhatsApp Community
Join our Intune Telegram Community