Skip to main content

Dynamic Device Group for Company-Owned Windows Devices

Field

Details

Document Type

How-To Guide - Create a Dynamic Group Runbook

Applies To

Microsoft Entra ID & Microsoft Intune

Audience

2nd Line, Entra ID & Intune Admin

Author

AK. Udofeh

Last Updated

Nov 2025
Overview

This document explains how to create a dynamic device group in Microsoft Entra ID (formerly Azure AD) that automatically includes all Company-owned Windows devices that are Microsoft Entra-Joined. This group can then be targeted for Intune policies.

Key properties used

  • Devices: Windows 10 and Windows 11

  • Enrollment: Manual Microsoft Entra join by users

  • Ownership: Company (Corporate-owned)

  • Management: Intune-managed (MDM)

  • Goal: Automatically group these devices without manual assignment.

Steps to Create the Dynamic Device Group

  • Sign in to Entra Admin Center

  • Go to Intune Admin Center Microsoft Intune admin center

  • Navigate to Groups > All Groups.

  • Click + New Group.

  • Group type: Security

  • Group name: Corporate Windows Devices

  • Membership type: Dynamic Device

  • Add Dynamic Membership Rule

  • Under Dynamic membership rules, click Edit.

  • Choose Rule syntax and paste the following:

 

 (device.deviceOSType -eq "Windows") and (device.trustType -eq "AzureAD") and (device.deviceOwnership -eq "Company") and (managementType -eq "MDM")

 

Back to top