When it comes to managing your environment where you have many departments or subsets of devices or users and where you need to target these, perhaps with a specific App, permission or policy, Dynamic Groups are your best friend.
Dynamic groups are an integral component of Entra ID, enabling the application of dynamic membership rules for automatic addition and removal of members, whether they are users or devices. When a group member’s attributes change, the system refers to the dynamic group rules to determine if the member fulfils the rule requirements for addition or no longer fulfils them for removal. Manual addition or removal of members from dynamic groups is not permitted.
Within Microsoft Intune Dynamic Groups can be very useful. When initially setting up Intune the first groups I usually create are:
- Windows devices
- iOS Devices
- Android Devices
- Windows 10
- Windows 11
These allow me to push out apps and settings based on the above criteria.
To set up a Dynamic Group with Intune you can follow these steps.
Go to “Groups – Microsoft Intune admin” Page making sure you are signed in as either a Global administrator , Intune administrator, or User administrator role in the Entra ID.
Select New Group
Select New Group
On the New group page you can see the opportunity to add a few group attributes. For this exercise we are concentrating on The “Group Name“, “Group Description” and “Membership Type”
Once you have given the group a Name and Description based on your naming convention. The next attribute you need to change is Membership Type.
Click the drop down and her is where you can select either Dynamic User or Dynamic Device.
In this instance I will select Dynamic Device
This is where the magic happens so to speak. You will notice the “Members” changes to “Dynamic device members” with Add dynamic query hyperlink. You are taken to the Dynamic membership rules page.
The following list is contains a few Rule syntax to create the groups listed above:
| Group Name | Rule Syntax |
| Windows devices | (device.deviceOSType -contains “Windows”) |
| iOS Devices | (device.deviceOSType -eq “iOS”) |
| Android Devices | (device.deviceOSType -eq “Android”) |
| Windows 10 | (device.deviceOSVersion -startsWith “10.0.1”) |
| Windows 11 | (device.deviceOSVersion -startsWith “10.0.2”) |
Click the edit icon at the top right of the grey box and enter one of the above Rule Syntax. and Click OK.
Then Click Save. This takes you back to the New Group Windows
Finally Click the Blue “Create” button to complete the process.
And take you back to the All groups Page
