Security groups are very useful for managing objects in Entra ID. You can group devices or users and then use the security group to assign permissions, licenses, etc. You can add Devices and Users to any Entra Security group.
There are three types of Entra security groups: Assigned, Dynamic User, and Dynamic Device. This blog post will focus on the Dynamic Device type group.
We’ll create a dynamic device group called Win10-Isolated-Devices to group Windows 10 devices. Our device naming convention adds a Win10 suffix to Windows 10 devices, which lets us write a query that dynamically places those devices into the dynamic device group.
Let’s check the steps:
- Go to Entra admin center > Groups > All groups > Click on New Group.
- Group Type: Security
- Group Name: Win10-Isolated-Devices
- Group Description: Describe this group.
- Azure AD roles can be assigned to the group: Select No
- Membership type: Select Dynamic Device.
- Click on Add dynamic query to define your dynamic query.
- In this case, the requirement is to add devices to the Win10-Isolated-Devices Entra ID group if their display name contains Win10. You can customize the rule using different options for Property and Operator values. Once the rule is configured, click on Save.
  - Property: displayName
  - Operator: Contains
  - Value: Win10
- Please note that you won’t immediately see the devices added to the group. The dynamic rule query may take a few minutes to run and update the group’s device members.
- The screenshot below shows that both devices with Win10 in their name have been automatically added. Furthermore, any future devices added to Entra ID with Win10 in their name will also be automatically included in this dynamic device security group.
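
The same group can be created with Microsoft Graph PowerShell, with a preview of what the rule will match first. This is an added example, not part of the original post: the function names `Get-RuleMatch` and `New-Win10IsolatedGroup`, the description text, the mail nickname and the sample inventory are assumptions made for illustration.

```powershell
# Added example; requires the Microsoft.Graph PowerShell module for the tenant calls.

# Local mirror of the rule: string operators in dynamic membership rules are
# not case sensitive, so compare with a case-insensitive substring test.
function Get-RuleMatch {
    param([object[]]$Devices, [string]$Value = 'Win10')
    $Devices | Where-Object {
        $_.DisplayName -and
        $_.DisplayName.IndexOf($Value, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }
}

# Constructed inventory (not real devices) to show what the rule keys on.
$sample = @(
    [pscustomobject]@{ DisplayName = 'HR-LT01-Win10';   OperatingSystem = 'Windows' }
    [pscustomobject]@{ DisplayName = 'win10-kiosk-02';  OperatingSystem = 'Windows' }
    [pscustomobject]@{ DisplayName = 'FIN-LT07-Win11';  OperatingSystem = 'Windows' }
    [pscustomobject]@{ DisplayName = 'Win10-build-mac'; OperatingSystem = 'macOS' }
)
# The display name decides membership, not the operating system property.
Get-RuleMatch -Devices $sample | Format-Table DisplayName, OperatingSystem

# Tenant-side steps, wrapped in a function so nothing runs until you call it.
function New-Win10IsolatedGroup {
    Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Device.Read.All'

    # Preview the registered devices the rule would pull in before creating it.
    Get-RuleMatch -Devices (Get-MgDevice -All) |
        Format-Table DisplayName, OperatingSystem | Out-Host

    $params = @{
        DisplayName                   = 'Win10-Isolated-Devices'
        Description                   = 'Windows 10 devices matched on display name'  # constructed text
        SecurityEnabled               = $true
        MailEnabled                   = $false
        MailNickname                  = 'Win10-Isolated-Devices'  # required by Graph; value is an assumption
        GroupTypes                    = @('DynamicMembership')
        MembershipRule                = '(device.displayName -contains "Win10")'
        MembershipRuleProcessingState = 'On'
    }
    $group = New-MgGroup @params

    # Membership is evaluated asynchronously; rerun this after a few minutes.
    Get-MgGroupMember -GroupId $group.Id -All |
        ForEach-Object { $_.AdditionalProperties['displayName'] }
}
```

Because the rule matches on a name that can be edited, review the preview output before using the group to assign permissions or licenses.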