In this blog, we are going to look at how to create dynamic security groups for Cloud PCs.
Creating Group based on Provisioning Policy
Navigate to https://endpoint.microsoft.com and click on Groups. Click on “Create New Group” to initiate the group creation.
- In the New Group creation page, select the group type as security.
- Provide a name and description for the AD group.
- Select the Membership type as “Dynamic Device.”

- Click on “Add dynamic query” under dynamic device members. This will load the dynamic query page.
- In the dynamic query editor, select the property as “enrollmentProfileName”.
- Select the Operator as “Contains” and set the value to match the provisioning policy name.
- In my example, I created a provisioning policy named W365_AzureAD_CorpNw, so I give the value as W365.


Click on the “Validate Rules (Preview)” tab and click on Add devices. Add a Cloud PC and click on Validate to check whether the dynamic rule is working.

Creating Group based on the Device Model.
Intune sets the device model of a Cloud PC to “Cloud PC <the license type>”. For example, my Cloud PC device model is “Cloud PC Enterprise 2vCPU/8GB/128GB”.
To create a group based on the device model, click on Groups -> New Group.
- In the new group creation page, select the group type as security, provide a Name and description.
- Click on “Add dynamic query” under dynamic device members. This will load the dynamic query page.
- In the dynamic query editor, select the property as “DeviceModel”.
- Select the Operator as “Contains” and set the value to “Cloud PC”.

Click on the “Validate Rules (Preview)” tab and click on Add devices. Add a Cloud PC and click on Validate to check whether the dynamic rule is working.


Click on Create to create the Dynamic AD group.
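The same two groups can be created with the Microsoft Graph PowerShell SDK, which also shows the rule text the query editor builds. This is an added example, not part of the original post; the group names and descriptions are hypothetical, and it assumes the Microsoft.Graph.Groups module is installed and the signed-in account can consent to Group.ReadWrite.All.

```powershell
# Added example: scripted equivalent of the two portal procedures above.
# Group names and descriptions below are hypothetical placeholders.
Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$groups = @(
    @{
        Name = 'CloudPC-ByProvisioningPolicy'
        Desc = 'Cloud PCs whose enrollment profile name contains W365'
        # "Contains" is a substring match: every provisioning policy whose
        # name includes W365 lands in this group, not only W365_AzureAD_CorpNw.
        Rule = '(device.enrollmentProfileName -contains "W365")'
    },
    @{
        Name = 'CloudPC-ByDeviceModel'
        Desc = 'Devices whose model contains Cloud PC'
        # The portal property is written device.deviceModel in rule syntax.
        Rule = '(device.deviceModel -contains "Cloud PC")'
    }
)

foreach ($g in $groups) {
    # Do not create a second group with the same display name.
    $existing = Get-MgGroup -Filter "displayName eq '$($g.Name)'"
    if ($existing) {
        Write-Warning "Group '$($g.Name)' already exists ($($existing.Id)); skipping."
        continue
    }

    $params = @{
        DisplayName                   = $g.Name
        Description                   = $g.Desc
        MailEnabled                   = $false
        MailNickname                  = $g.Name
        SecurityEnabled               = $true
        GroupTypes                    = @('DynamicMembership')
        MembershipRule                = $g.Rule
        MembershipRuleProcessingState = 'On'
    }
    $new = New-MgGroup @params
    Write-Output ("Created {0} ({1}) with rule {2}" -f $new.DisplayName, $new.Id, $new.MembershipRule)
}

# Dynamic membership is evaluated asynchronously, so review the members
# later with: Get-MgGroupMember -GroupId <group id> -All
```

If a group is used to target policies or access controls, check its membership after the rule has been processed to confirm the substring match captured only the intended Cloud PCs.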