Dynamic Membership Rules & Queries

The following rules/queries can be used to create dynamic groups within Intune.

All Corporate Devices
(device.deviceOwnership -eq “Company”)

All Corporate Apple Devices
(device.managementType -eq “MDM”) -and (device.deviceOwnership -eq “Company”) -and ((device.deviceOSType -eq “iPad”) -or (device.deviceOSType -eq “iPhone”) -or (device.deviceOSType -eq “iPod”))

All Corporate Android Devices
(device.managementType -eq “MDM”) -and (device.deviceOwnership -eq “Company”) -and (device.deviceOSType -eq “Android”)

All Corporate Windows Devices
(device.managementType -eq “MDM”) -and (device.deviceOwnership -eq “Company”) -and (device.deviceOSType -eq “Windows”)

All Personal Devices
(device.deviceOwnership -ne “Company”)

All Personal Apple Devices
(device.managementType -eq “MDM”) -and (device.deviceOwnership -ne “Company”) -and ((device.deviceOSType -eq “iPad”) -or (device.deviceOSType -eq “iPhone”) -or (device.deviceOSType -eq “iPod”))

All Personal Android Devices
(device.managementType -eq “MDM”) -and (device.deviceOwnership -ne “Company”) -and (device.deviceOSType -eq “Android”)

All Personal Windows Devices
(device.managementType -eq “MDM”) -and (device.deviceOwnership -ne “Company”) -and (device.deviceOSType -eq “Windows”)

All Apple Devices
(device.managementType -eq “MDM”) -and ((device.deviceOSType -eq “iPad”) -or (device.deviceOSType -eq “iPhone”) -or (device.deviceOSType -eq “iPod”))

All Android Devices
(device.managementType -eq “MDM”) -and (device.deviceOSType -eq “Android”)

All Windows Devices
(device.managementType -eq “MDM”) -and (device.deviceOSType -eq “Windows”)


The following Microsoft article helped: https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-dynamic-membership

Leave a Reply

Your email address will not be published. Required fields are marked *