Security groups are very useful for managing objects in Azure AD. You can group devices or users and then use the security group to assign permissions, licenses, etc. You can add devices or users to an Azure AD security group. Azure AD security groups have three membership types: Assigned, Dynamic User and Dynamic Device. In this blog post we will focus on the Dynamic Device membership type.
Let's create a dynamic device group called Win10-Isolated-Devices. The devices I want to add to this group contain Win10 in their name. As I can see in Azure Active Directory, there are currently two devices that match this query.
We want to collect all the devices that contain Win10 in their name in the Win10-Isolated-Devices Azure AD dynamic device security group. Let's create the group.
Go to Azure Active Directory -> Groups -> Click on New group.
Group Type: Security
Group Name: Win10-Isolated-Devices
Group Description: Provide a description about this group
Azure AD roles can be assigned to the group: Select No
Membership type: Select Dynamic Device. (Other options are Assigned and Dynamic User).
Click on Add dynamic query to define your dynamic query.
Here my requirement is that if a device's display name contains Win10, it should be added to the Win10-Isolated-Devices Azure AD group. The Property and Operator fields offer different options which you can combine to build the rule you need. Once you have created the rule, click on Save.
Please note that you will not see the devices added to the group immediately, as the dynamic rule query can take a couple of minutes to run and populate the group's device members. As you can see in the screenshot below, both devices that contain Win10 in their name have been added automatically. Also, any device added to Azure AD in the future whose name contains Win10 will automatically be added to this Azure AD dynamic device security group.
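The same group can be created without the portal. The following PowerShell is an added example, not part of the original post: it creates the Win10-Isolated-Devices group with the Microsoft Graph PowerShell SDK using the rule the portal builds for "displayName contains Win10", and then polls the membership to account for the delay described above. It assumes the Microsoft.Graph.Groups module is installed, that the signed-in account can create groups (Group.ReadWrite.All), and the mail nickname and description text are my own choices.

```powershell
# Added example (not from the original post): create the dynamic device group
# through Microsoft Graph PowerShell and verify its members once the rule has run.
# Assumes Microsoft.Graph.Groups is installed and Group.ReadWrite.All is granted.
Connect-MgGraph -Scopes "Group.ReadWrite.All"

# The rule text the portal generates for Property=displayName, Operator=Contains, Value=Win10.
$rule = '(device.displayName -contains "Win10")'

$params = @{
    DisplayName                   = "Win10-Isolated-Devices"
    Description                   = "Windows 10 devices matched by display name"  # description is my own
    MailEnabled                   = $false
    MailNickname                  = "Win10IsolatedDevices"                        # assumed nickname
    SecurityEnabled               = $true
    IsAssignableToRole            = $false            # "Azure AD roles can be assigned to the group": No
    GroupTypes                    = @("DynamicMembership")
    MembershipRule                = $rule
    MembershipRuleProcessingState = "On"
}
$group = New-MgGroup @params
Write-Output "Created group $($group.DisplayName) ($($group.Id))"

# Dynamic membership is evaluated asynchronously, so poll for a few minutes
# rather than expecting the two Win10 devices to appear straight away.
$members = @()
for ($attempt = 0; $attempt -lt 10; $attempt++) {
    $members = Get-MgGroupMember -GroupId $group.Id -All
    if ($members.Count -gt 0) { break }
    Start-Sleep -Seconds 60
}

# Member objects are directoryObjects; the device name sits in AdditionalProperties.
$members | ForEach-Object { $_.AdditionalProperties['displayName'] }
```

Because the rule keys on the device display name, the group's contents follow whatever naming convention your device enrollment enforces; if that convention is not enforced, review the member list after the rule is saved rather than assuming it contains only the devices you expected.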