-
-
Notifications
You must be signed in to change notification settings - Fork 110
entragroups
Below are some examples of dynamic group rules that can be used to create groups in Entra.
Note
Please consult the below documentation which has great guidance
Create Simpler and faster rules for dynamic groups - Microsoft Entra ID | Microsoft Learn
All enabled, corporate, cloud native or hybrid Windows devices managed by either Intune or CM Co-Management:
(device.accountEnabled -eq True) and (device.deviceManagementAppId -in ["0000000a-0000-0000-c000-000000000000", "54b943f8-d761-4f8d-951e-9cea1846db5a"]) and (device.deviceTrustType -in ["AzureAD", "ServerAD"]) and (device.deviceOwnership -eq "Company") and (device.deviceOSType -eq "Windows")
(device.devicePhysicalIDs -any (_ -startsWith "[ZTDID]"))
(device.devicePhysicalIDs -any (_ -startsWith "[ZTDID]")) and (device.devicePhysicalIds -all (_ -notStartsWith "[OrderID]:"))
(device.devicePhysicalIDs -any (_ -startsWith "[ZTDID]")) and (device.devicePhysicalIds -any (_ -eq "[OrderID]:%GroupTag%"))
(device.memberof -any (group.objectId -in ['APv1 Dynamic Group GUID','APv2 Assigned Group GUID']))
(device.accountEnabled -eq True) and (device.managementType -eq "MDM") and (device.deviceTrustType -eq "AzureAD") and (device.deviceManufacturer -eq "Apple") and (device.deviceOSType -eq "MacMDM") and (device.deviceOwnership -eq "Company")