Skip to main content

Dynamic Device Group for Company-Owned Windows Devices

Field

Details

Document Type

How-To Guide - Create a Dynamic Group Runbook

Applies To

Microsoft Entra ID & Microsoft Intune

Audience

2nd Line, Entra ID & Intune Admin

Author

AK. Udofeh

Last Updated

Nov 2025

Overview

This document explains how to create a dynamic device group in Microsoft Entra ID (formerly Azure AD) that automatically includes all University-Company-owned Windows devices that are Microsoft Entra-joined.Joined. This group can then be targeted for Intune policies.

Key properties used

  • Devices: Windows 10 and Windows 11

  • Enrollment: Manual Microsoft Entra join by users

  • Ownership: Company (Corporate-owned)

  • Management: Intune-managed (MDM)

  • Goal: Automatically group these devices without manual assignment.

Steps to Create the Dynamic Device Group

    Sign in to Entra Admin Center

    Go to Intune Admin Center Microsoft Intune admin center

    Navigate to Groups > All Groups.

    Click + New Group.

    Group type: Security

    Group name: Corporate Windows Devices

    Membership type: Dynamic Device

    Add Dynamic Membership Rule

    Under Dynamic membership rules, click Edit.

    Choose Rule syntax and paste the following:

     (device.deviceOSType -eq "Windows") and (device.trustType -eq "AzureAD") and (device.deviceOwnership -eq "Company") and (managementType -eq "MDM")

     

    Back to top