This is the first blogpost of many where I will take you through some of the most underrated features in Microsoft Intune. When managing devices across different platforms you have probably found yourself in a situation where user and device groups has been assigned depending on the configuration and policy. While this is a discussion for another day, Microsoft has made the assignments a lot easier with a feature I rarely see in use at the customers I’m working with.
Filters in Intune allows you to narrow the assignment scope of policies. If you want to target specific groups of devices or apps, you can apply different criteria’s to match your preferred assignment scope.
Filters available: Devices enrolled in Intune (managed devices)
Apps managed by Intune (MAM scenarios even on devices not enrolled)
Example:
Company X has frontliners who are working in a Azure virtual desktop environment. They also have a physical computer enrolled in Intune. They want to apply user policies to the virtual desktops without making two security groups.
Step 1: Create Filter
– Go to endpoint.microsoft.com -> Devices -> Filters
– Create filter
Create filter based on your preferred criteria’s (manufacture, OS, deviceName.. etc)
In our example, the Azure Virtual Machines a contains a device name template that consists of “AVD_Frontliners”. We therefore apply a filter that contains that value to scope them.
Step 2: Create or edit a configuration profile
– Assign the profile to a user group
– Apply filter (Include**)
– We want to scope our assignment to AVD frontliners only. So, the policy applies to the users on the selected machines.
PS: Filter preview allows you to see if the filter rules works as intended
Exclude: Choose this option if you want to exclude users or devices based on the filter.
We now have a filter that can be applied to a user group with the “Include” or “Exclude” parameter.
Author
Discover more from Agder in the cloud
Subscribe to get the latest posts to your email.
Andreas Evensen 
Bitwise