In this guide, we explore Intune Device Categories feature.
To make managing devices easier, you can use device categories to automatically add devices to groups based on categories that you define.
This two step process involves creating your categories and then respective dynamic Azure AD groups which ties the entire mechanism togther.
Create Device Categories
Sign in to your Endpoint Manager portal by browsing to https://endpoint.microsoft.com
From the home dashboard, navigate to Devices > Device Categories.
Select the ‘Create Device Category’ button.
Set a Name and Description.
**Example**
Name: Marketing
Description: Device category for Marketing devices
Select ‘Next’ and keep the default Scope Tag selected.
Select ‘Next’ and then ‘Create.
You will see the Marketing device category appear in the list ready for use.
Create an Azure AD Dynamic Group
Sign in to your Azure portal by browsing to https://portal.azure.com
From the home dashboard, select ‘Azure Active Directory’.
From the left side menu, select ‘Groups’.
Select the ‘New Group’ button.
Complete the required information:
**Example**
Group Type: Security
Group Name: Marketing Devices
Group Description: Group for Marketing devices.
Azure AD roles can be assigned to the group: No
Membership Type: Dynamic Device
Owners: No
Select ‘Add Dynamic Query’
Within the query builder, we configure the query values as below:
Property: deviceCategory
Operator: Equals
Value: Marketing (Friendly name given to your device category in Endpoint Manager)
Clicking away from the query builder, we can see Azure AD automatically translates your configuration values into a Rule Syntax.
The Rule Syntax should look identical to this: (exception of the value between quotation marks is unique to your device category friendly name)
(device.deviceCategory -eq “Your_Device_Category_Name”)
Select the ‘Save’ button to save the dynamic query.
Select the ‘Create’ button to build the Azure AD dynamic group.
Once created, you will see Marketing Devices Azure AD dynamic group appear in the list ready for use.
See in Action
During enrolment to Endpoint Manager, Company Portal app will request the user select a device category from the list provided.
In this example, the Marketing device category is selected in order to demonstrate an Azure AD dynamic group at work.
Once enrolment has been completed, the Azure AD dynamic group triggers an evaluation of the tenant against criteria set in the dynamic rule syntax. If the evaluation finds a device matching the criteria, that device is automatically added as a member of the group.
We can see our iPhone is now a member of the Marketing Devices group.
