Create Entra Device Security Group using displayName Property

Security groups are very useful for managing objects in Entra ID. You can group devices or users and then use the security group to assign permissions, licenses, etc.

You can add devices or users to an Entra security group. By membership type, there are three kinds of Entra security groups: Assigned, Dynamic User, and Dynamic Device. This blog post focuses on the Dynamic Device type.

We’ll create a dynamic device group called “Win10-Isolated-Devices.” This group will include devices with “Win10” in their name. After checking Entra ID, I noticed two devices match this query.

Existing Windows 10 devices

We want to gather all devices with Win10 in their names in the Win10-Isolated-Devices Entra Dynamic security group.

Let’s check the steps:

  • Go to Entra admin center -> Groups -> All groups -> click New Group.
  • Group Type: Security
  • Group Name: Win10-Isolated-Devices
  • Group Description: Describe this group.
  • Azure AD roles can be assigned to the group: Select No
  • Membership type: Select Dynamic Device. (Other options are Assigned and Dynamic User).
  • Click on Add dynamic query to define your dynamic query.
Add Dynamic Query for the Entra security group
  • In this case, the requirement is to add devices to the “Win10-Isolated-Devices” Azure AD group if their display name contains “Win10.” You can customize the rule using different options for Property and Operator values. Once the rule is configured, click on “Save.”
    • Property: displayName
    • Operator: Contains
    • Value: Win10
Create a query to collect Windows 10 devices
  • Please be aware that you won’t immediately see the devices added to the group. The dynamic rule query may take a few minutes to run and update the group’s device members.
  • The screenshot below shows that both devices with “Win10” in their name have been automatically added. Furthermore, any future devices added to Entra ID with “Win10” in their name will also be automatically included in this dynamic device security group.
Azure AD dynamic device security group
Devices are automatically added to the group
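
The same group can be created and checked from PowerShell. This is an added example, not part of the original post: it assumes the Microsoft.Graph PowerShell module is installed and the signed-in account may create groups and read devices, and the description text is a constructed placeholder. It previews which device names the rule should catch before creating the group, then compares that preview with the actual membership.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Device.Read.All'

# Rule syntax for Property: displayName, Operator: Contains, Value: Win10
$rule = '(device.displayName -contains "Win10")'

# Preview the devices the rule should select. This local check is a
# case-insensitive substring match, so "Win10" anywhere in the name counts.
# Review the list for devices you did not intend to include.
$expected = @(Get-MgDevice -All -Property Id, DisplayName, OperatingSystem |
    Where-Object { $_.DisplayName -like '*Win10*' })
$expected | Sort-Object DisplayName |
    Format-Table DisplayName, OperatingSystem, Id

# Create the dynamic device security group (not role-assignable by default).
$group = New-MgGroup -DisplayName 'Win10-Isolated-Devices' `
    -Description 'Devices with Win10 in their display name' `
    -MailEnabled:$false -MailNickname 'Win10-Isolated-Devices' `
    -SecurityEnabled -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'

# Membership is evaluated asynchronously. Run the lines below again after a
# few minutes and compare the real members with the preview.
$memberIds = @(Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.Id })
$missing = @($expected | Where-Object { $_.Id -notin $memberIds })
$extra   = @($memberIds | Where-Object { $_ -notin $expected.Id })

"Expected but not (yet) members: $($missing.Count)"
$missing | Format-Table DisplayName, Id
"Members the preview did not predict: $($extra.Count)"
$extra
```

If the group is later used to assign permissions or policies, rerun the preview periodically: any device whose name contains “Win10” joins the group without further review.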
