Create Group Based on Windows Autopilot Group Tag

Windows Autopilot group tags are used to categorize devices based on specific attributes. You can assign a group tag to a device during Autopilot registration or hash import. When you create dynamic membership rules using Autopilot device attributes, Autopilot devices that meet the criteria are automatically added to the group. This simplifies device grouping during Autopilot device provisioning.

When creating expressions:

  • To create a group that includes all of the Autopilot devices, enter: (device.devicePhysicalIDs -any (_ -startsWith "[ZTDid]")).
  • Intune’s group tag field maps to the OrderID attribute on Microsoft Entra devices. To create a group that includes all Autopilot devices with a specific group tag (the Microsoft Entra device OrderID), enter: (device.devicePhysicalIds -any (_ -eq "[OrderID]:179887111881")).

Follow the steps below to create an Entra ID group based on the Windows Autopilot Group Tag.

  • Open the Microsoft Intune admin portal: https://intune.microsoft.com
  • Navigate to the Groups blade and click on New Group.

Entra ID New Group Based on Windows Autopilot Group Tag

  • Provide the following details on the New Group page.
    • Group Type: Security
    • Group Name: Provide an appropriate name for your group, e.g. Site-XYZ-Devices
    • Group Description: Provide an appropriate description for the group
    • Membership Type: Dynamic
  • Click on the Add dynamic query link to add a dynamic membership rule. The group membership will be populated based on this rule.

Intune group based on Windows Autopilot Group Tag

Click the Edit link under Rule syntax on the Dynamic membership rules > Configure Rules page. Use the expression below and replace GroupTag with the actual group tag.

(device.devicePhysicalids -any _ -eq "[OrderID]:GroupTag")

For example: (device.devicePhysicalids -any _ -eq "[OrderID]:WA-Test-PP")

All the Windows Autopilot devices with the group tag “WA-Test-PP” will become members of the group.

Entra ID Group - Dynamic rule - OrderID

Click on the Members > Refresh link. You should see the device added to the group by the dynamic membership rule from the previous step.

Entra ID Group - Group Tag
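The same group can be created from a script instead of the portal. The following is an added example, not part of the original post: it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups) is installed and that the signed-in account may create groups. The helper name New-AutopilotTagRule and its character allow-list are assumptions made for this sketch; the group name and tag are the sample values used above.

```powershell
#Requires -Modules Microsoft.Graph.Groups
# Added example: scripted equivalent of the portal steps above.

function New-AutopilotTagRule {
    # Hypothetical helper: builds the dynamic membership rule for one group tag.
    param([Parameter(Mandatory)][string]$GroupTag)

    # Allow-list (an assumption of this script): refuse quotes, brackets and
    # other characters that could change the meaning of the rule expression.
    if ($GroupTag -notmatch '^[A-Za-z0-9 _.\-]+$') {
        throw "Group tag '$GroupTag' contains characters this script does not allow."
    }

    # Straight double quotes delimit the string value inside the rule.
    return '(device.devicePhysicalIds -any (_ -eq "[OrderID]:{0}"))' -f $GroupTag
}

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$tag  = 'WA-Test-PP'          # sample tag from this page
$rule = New-AutopilotTagRule -GroupTag $tag

# Security group with dynamic device membership driven by the rule
$group = New-MgGroup -DisplayName 'Site-XYZ-Devices' `
    -Description "Autopilot devices with group tag $tag" `
    -MailEnabled:$false -MailNickname 'Site-XYZ-Devices' -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'

# Show the rule that was stored, then list the current members.
# Membership is evaluated asynchronously, so the list may be empty at first.
$group | Select-Object DisplayName, MembershipRule
Get-MgGroupMember -GroupId $group.Id -All | Select-Object Id
```

Because group membership usually drives app and policy assignment, restrict who can set or change group tags on Autopilot device records, since a tag is all that places a device in this group.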

