Create Entra Dynamic Device Security Group using Display Name Property

Photo of author
Jatin Makhija
0

In this post, I will show you how to create Entra dynamic device security group using display name property. Security groups in Microsoft Entra ID let you group devices or users and then assign permissions, policies, or licenses to the entire group.

There are three membership types for Microsoft Entra security groups:

  • Assigned
  • Dynamic User
  • Dynamic Device

In this article, we will focus on Dynamic Device group type.

We will create a dynamic device group called Win10-Isolated-Devices that automatically collects Windows 10 devices whose device name contains Win10. This relies on a device naming convention where Windows 10 devices have Win10 in their name. The same principle can be applied to collect Windows 11 devices as well.

As an example, I have the two devices shown below that I want to automatically collect in an Entra dynamic device security group. Both devices have Win10 in their name, which can be used as the attribute to identify and add all devices containing Win10 in their name into the group.

  • AdeleV-Win10
  • JatinM-Win10
Existing Windows 10 devices
Existing Windows 10 devices

Prerequisites

Before you create the group, make sure of the following:

  • You have access to the Microsoft Entra admin center.
  • You have at least the Groups Administrator or a similar role that can create and manage groups. Reference: Create or Edit a Dynamic Membership Group and Get Its Processing Status – Microsoft Entra ID | Microsoft Learn.
  • Your tenant has the required licensing for dynamic membership groups (for users that are members of dynamic groups, a Microsoft Entra ID P1 license or Intune for Education license is required). Devices themselves do not require licenses when they are members of device-based dynamic groups.

Create Entra Dynamic Device Security Group

  • Sign in to the Entra admin center > Expand Entra ID > Groups > All groups > Click on New Group.
    • Group Type: Security
    • Group Name: Win10-Isolated-Devices
    • Group Description: Describe this group.
    • Microsoft Entra roles can be assigned to the group: Select No.
    • Membership type: Select Dynamic Device.
    • Click on Add dynamic query to add your dynamic query.
Create Entra Dynamic Device Security Group

Add the dynamic device membership rule:

  • In the Rule builder, configure the rule:
    • Property: displayName
    • Operator: Contains
    • Value: Win10

This will generate a rule similar to:

device.displayName -contains "Win10"
  • Select Save to save the rule.
  • Back on the New group page, select Create.
Create a query to collect Windows 10 devices

Wait for dynamic membership processing:

  • Dynamic group evaluation is not instant. Microsoft Entra ID processes dynamic membership in the background and updates the group over time when device attributes change.
  • After a few minutes, open your new group and review the Members tab. Devices with Win10 in their name should now appear as members of the group.

Confirm the devices are added

  • Any existing device whose display name contains Win10 will be added automatically.
  • Any new device that later joins Microsoft Entra ID and has Win10 in its display name will also be added automatically without any manual action.
Azure AD dynamic device security group

Read Next

Create Microsoft 365 Groups using PowerShell

Leave a Comment

Step-by-Step Guides: Setup /Troubleshooting/Configuring Solutions for Intune, Microsoft 365, Windows 365, PowerShell, Windows, Azure, and other Cloud Technologies.

About the author
Contact Us
Privacy Policies
Comment Policies
Cookie Policies

Enter your email address to subscribe to this blog and receive notifications of new posts by email.