Microsoft Intune Device Categories

Microsoft Intune Device Categories

In this blog post, I am going to cover how to use Device Categories in Microsoft Intune.  Device Categories can help with managing devices using Microsoft Intune and Azure Active Directory. This post will build upon my last two blog post on Dynamic Groups - https://blogs.technet.microsoft.com/pauljones/2017/08/28/dynamic-group-membership-in-azure-active-directory-part-1/

I will document (with screen shots) the following steps:

  • Create Categories in Microsoft Intune
  • Create Dynamic Groups based on the Categories
  • Deploy Policies and Apps to Dynamic Groups

 

 

Create Categories in Microsoft Intune Console (Azure Portal)

The first step is to create Categories in the Intune Console (Azure Portal).

Launch Azure Portal - https://portal.azure.com and navigate to the Intune Blade.  Once in the Intune Console, navigate to Device Enrollment and select Device Categories.  Click + Create,   enter a Name for the Category, then click on the Create button at the bottom of the page.

In the screen shot below, it shows where I created 4 different Categories: Virtual Machines, iOS Devices, Android Devices and Physical Machines.  I will focus on managing Windows 10 Virtual Machines in this post.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Now that we have the Device Categories created in the Portal, we will now move create a Dynamic Group using Azure Active Directory.

 

Create Dynamic Groups based on Device Category

From the Azure Portal, select the Azure Active Directory blade - choose Users and Groups - select All Groups.  This will list all the current Security and Office Groups.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

At the top of the blade, click + New Group to create a New Group. Enter a Name - I used Windows 10 Virtual Machines for this example.  Choose Membership Type - Dynamic Device and finally select Dynamic Device Members - Add dynamic query.  Now it is time to add the dynamic membership rule - Under Add Devices Where select the following: deviceCategory Equals then type in Virtual Machines.

 

 

 

 

With those 2 steps: Create Device Category, then Create Dynamic Group, we will now be able to deploy Apps and Polices to devices based on Categories.

Now the final step is to deploy Apps and Policies to Dynamic Group.

 

Deploy Apps and Policies based on Device Category

I will not document the steps to create a Configuration Profile, but I will share a screen shot where I deployed Device Configuration Profile (Windows Defender Firewall) to the Dynamic Group (Windows 10 Virtual Machines) which is based on the Device Category (Virtual Machines).

 

 

 

The next screen shot will display deploying an Application  (Azure Information Protection) to the same Dynamic Group (Windows 10 Virtual Machines).

 

 

 

This concludes my blog post on using Device Categories with Microsoft Intune and Azure Active Directory to help better manage devices.