intunefilters

James Robinson [MVP] edited this page Sep 12, 2024 · 2 revisions

Intune Filter Examples

Tip

Please review the below documentation for all available properties and operators when creating filters in Microsoft Intune:

App and device properties, operators, and rule editing when creating filters in Microsoft Intune | Microsoft Learn

Important

Not all workloads support filters! Please review the below documentation for all supported workloads:

List of platforms, policies, and app types supported by filters in Microsoft Intune | Microsoft Learn

Using filters in Intune is far more performant than using dynamic Entra groups.

|  | DO | DON'T |
| --- | --- | --- |
| Use the built-in virtual groups | ✅ Use the All users and All devices virtual groups instead of creating your own version of all users/all devices using Microsoft Entra dynamic groups. | ❌ Don't create your own "All users" or "All devices" dynamic groups for policy and app targeting in Intune. |
| Reuse groups | ✅ Reuse the same group objects for assigning multiple policies. | ❌ Don't create duplicate copies of the same group to target different policies. ❌ Don't create dedicated "App groups" or "Policy groups". |
| Make incremental group changes | ✅ Be careful with large group nesting changes in Microsoft Entra ID. | ❌ Don't make large group nesting changes all at once. |
| Use filters to include and exclude | ✅ Use filters to achieve the correct user+device combination for targeting. | ❌ Don't mix user groups and device groups when using Include and Exclude groups. |

Source: Performance recommendations for grouping, targeting, and filtering in large Microsoft Intune environments | Microsoft Learn


Generic

Note

Below are some example Filter syntaxes that can be used, not an exhaustive list. Filters can be combined to create more complex requirements.

Each filter is created for a specific platform. You can't use a "Windows 10 and later" filter in an iOS scenario, for example.

> Device Ownership <

Corporate Devices:

(device.deviceOwnership -eq "Corporate")

Personal Devices:

(device.deviceOwnership -eq "Personal")

Tip

Do yourself a favour - Keep personal devices out of Intune!

> Device Name <

Devices with a specific name:

(device.deviceName -eq "%DeviceName%")

Tip

Can be handy for quick troubleshooting or testing scenarios.

> OS Version <

Devices on a specific OS Version:

(device.operatingSystemVersion -eq "%OSVersion%")

  • Examples:
    • (device.operatingSystemVersion -eq "17.6.1")

Devices greater than or equal to a minimum OS version:

(device.operatingSystemVersion -ge "%MinimumOSVersion%")

  • Examples:
    • (device.operatingSystemVersion -ge "15")

> Manufacturer and Model <

Devices from a specific manufacturer:

(device.manufacturer -eq "%ManufacturerName%")

Devices from a specific manufacturer with a specific model:

(device.manufacturer -eq "%Manufacturer%") and (device.model -eq "%ModelName%")

  • Examples:
    • (device.manufacturer -eq "Samsung") and (device.model -eq "SM-S918B")
    • (device.manufacturer -eq "Apple") and (device.model -eq "iPhone 13")
    • (device.manufacturer -eq "Dell Inc.") and (device.model -eq "Latitude 7420")

Windows

> Device Type <

Corporate Windows 10 Devices:

(device.deviceOwnership -eq "Corporate") and (device.operatingSystemVersion -le "10.0.22000.1000")

Corporate Windows 11 Devices:

(device.deviceOwnership -eq "Corporate") and (device.operatingSystemVersion -ge "10.0.22000.1000")

Windows 365 Devices:

(device.manufacturer -eq "Microsoft Corporation") and (device.model -startswith "Cloud PC")

Dev Boxes:

(device.manufacturer -eq "Microsoft Corporation") and (device.model -startswith "Dev Box")

Hyper-V Virtual Machines:

(device.manufacturer -eq "Microsoft Corporation") and (device.model -eq "Virtual Machine")

AVD Session Hosts:

(device.operatingSystemSKU -eq "ServerRdsh")
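
A way to dry-run rules like the Windows 10 and Windows 11 ones above against a device list before assigning them, added here as an example (not part of the original page and not Intune's rule engine). It handles only flat clauses joined by and/or with the -eq, -ge and -le operators; the device records are constructed, and dotted-integer version comparison and case-sensitive string matching are assumptions.

```python
import re

# Tokens for the subset of filter syntax shown on this page (not Intune's parser).
TOKEN = re.compile(r'\s*(\(|\)|"[^"]*"|-\w+|[\w.]+)')

def ver(s):  # assumption: versions compare as dotted integers
    return tuple(int(p) for p in s.split("."))

OPS = {
    "-eq": lambda a, b: a == b,  # assumption: case-sensitive match
    "-ge": lambda a, b: ver(a) >= ver(b),
    "-le": lambda a, b: ver(a) <= ver(b),
}

def clause(t, dev):
    """Evaluate one (device.property -operator value) clause, consuming its tokens."""
    if len(t) < 5 or t[0] != "(" or t[4] != ")":
        raise ValueError(f"malformed clause near {' '.join(t[:5])!r}")
    prop, op, val = t[1], t[2].lower(), t[3]
    del t[:5]
    if op not in OPS:
        raise ValueError(f"unsupported operator {op}")
    val = None if val == "null" else val.strip('"')
    return OPS[op](dev.get(prop.split(".", 1)[-1]), val)

def matches(rule, dev):
    if TOKEN.sub("", rule).strip():
        raise ValueError("unexpected characters in rule")
    t = TOKEN.findall(rule)
    result = clause(t, dev)
    while t:  # clauses joined left to right by and/or
        op = t.pop(0)
        if op not in ("and", "or"):
            raise ValueError(f"expected and/or, got {op!r}")
        rhs = clause(t, dev)
        result = (result and rhs) if op == "and" else (result or rhs)
    return result

# Constructed inventory for illustration, not real devices.
DEVICES = [
    {"deviceName": "W10-01", "deviceOwnership": "Corporate", "operatingSystemVersion": "10.0.19045.4894"},
    {"deviceName": "EDGE-01", "deviceOwnership": "Corporate", "operatingSystemVersion": "10.0.22000.1000"},
    {"deviceName": "W11-01", "deviceOwnership": "Corporate", "operatingSystemVersion": "10.0.22631.4169"},
    {"deviceName": "BYOD-01", "deviceOwnership": "Personal", "operatingSystemVersion": "10.0.22631.4169"},
]

def dry_run(rule):
    """Names of the constructed devices the rule would select."""
    return [d["deviceName"] for d in DEVICES if matches(rule, d)]
```

A device reporting exactly 10.0.22000.1000 is selected by both the Windows 10 and the Windows 11 rule, and a rule with a missing closing parenthesis raises ValueError rather than quietly selecting nothing.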

> Join Type <

Entra Joined Devices:

(device.deviceTrustType -eq "Azure AD joined")

Hybrid Joined Devices:

(device.deviceTrustType -eq "Hybrid Azure AD joined")

> Autopilot <

Devices with a specific Autopilot Profile:

(device.deviceOwnership -eq "Corporate") and (device.enrollmentProfileName -eq "%ProfileName%")

Warning

This filter can break if you go and change the name of the Autopilot profile in the future!

> Manufacturer <

Popular Manufacturer Queries

  • Microsoft
    • (device.manufacturer -eq "Microsoft Corporation")
  • Dell
    • (device.manufacturer -eq "Dell Inc.")
  • HP
    • (device.manufacturer -in ["HP Inc.", "HP", "Hewlett-Packard"])
  • Lenovo
    • (device.manufacturer -eq "Lenovo")

macOS

> Architecture <

Apple Silicon Macs

(device.cpuArchitecture -eq "arm64")

Intel Macs

(device.cpuArchitecture -eq "x64")


iOS/iPadOS

> Enrolment Type <

Apple Business Manager devices enrolled with a specific enrollment profile:

(device.enrollmentProfileName -eq "%EnrolmentProfileName%")

Devices not enrolled via Apple Business Manager:

(device.enrollmentProfileName -eq null)


Android Enterprise

> Enrolment Type <

Personally-owned devices with work profile:

(device.enrollmentProfileName -eq null)

Important

If you happen to have enrolled corporate-owned devices like this as well as personal, the only additional delineation you could make would be to add the device.deviceOwnership -eq "Personal" or device.deviceOwnership -eq "Corporate" properties. It is recommended to enrol corporate devices using an appropriate corporate-owned enrolment method.

Corporate-owned dedicated devices, Corporate-owned, fully managed user devices, or Corporate-owned devices with work profile:

(device.enrollmentProfileName -eq "%EnrollmentProfileName%")