Efficiently Target Your Devices and Users with Intune Filters

As many of you are likely already aware, filters are a feature of Microsoft Intune that lets administrators target specific groups of devices or users based on certain criteria.

This helps to manage devices and users in a more efficient and effective way by applying policies and configurations only to the devices or users that need them, rather than applying them to the entire organization.

Some common use cases for Intune filters include:

  1. Targeting policies and configurations to specific groups of devices or users based on location, department, device type, or any other attribute that is relevant to your organization.
  2. Applying security policies to only those devices that are considered high-risk, such as those that have been compromised or are known to be vulnerable.
  3. Ensuring that devices and users are compliant with company policies and regulations, such as those related to data protection and privacy.
  4. Managing devices that are owned by employees or those that are owned by the organization.
  5. Restricting access to company resources and data based on certain criteria, such as location or device type.

For more information about Intune filters, see "Create filters in Microsoft Intune" on Microsoft Learn.

Screenshot that shows how the admin creates a filter, and uses the filter in a policy in Microsoft Intune.

In this blog post, I will list the most frequently used filters that will help you apply policies and configurations in a more targeted and efficient way.

The following list is not exhaustive; you can create numerous filters based on your specific needs.

All Devices – Microsoft:

(device.manufacturer -eq "Microsoft")

All Devices – Dell:

(device.manufacturer -eq "Dell")

All Devices – Lenovo:

(device.manufacturer -eq "Lenovo")

All Devices – Rooted:

(device.isRooted -eq "True")

All Devices – Autopilot profile:

(device.enrollmentProfileName -startsWith "Autopilot Profile Name")

All Devices – Hybrid & Azure AD Joined:

(device.deviceTrustType -in ["Hybrid Azure AD joined","Azure AD joined"])

All Devices – Enterprise Edition:

(device.operatingSystemSKU -eq "Enterprise")

All Devices – Pro:

(device.operatingSystemSKU -eq "Professional")

All Devices - (Except Surface Hub) Windows 10 22H2:

(device.osVersion -startsWith "10.0.19045") and (device.model -notContains "Surface Hub")

All Devices - Azure AD joined:

(device.deviceTrustType -eq "Azure AD joined")

All Devices - Hybrid Azure AD joined or Azure AD registered:

(device.deviceTrustType -eq "Hybrid Azure AD joined") or (device.deviceTrustType -eq "Azure AD registered")

All Devices - Hybrid Azure AD joined or Azure AD registered - Windows 11:

((device.deviceTrustType -eq "Hybrid Azure AD joined") or (device.deviceTrustType -eq "Azure AD registered")) and (device.osVersion -startsWith "10.0.2")

All Devices - Windows 10:

(device.osVersion -startsWith "10.0.1")

All Devices - Windows 11:

(device.osVersion -startsWith "10.0.2")

Enrolled Devices – iOS profile:

(device.enrollmentProfileName -eq "iOS - Singapore")

Personal Devices – macOS:

(device.deviceOwnership -eq "Personal")

Physical Devices - All Windows OS:

(device.osVersion -startsWith "10.0.") and (device.model -notContains "Virtual") and (device.model -notContains "Cloud PC")

Physical Devices - Windows 11:

(device.osVersion -startsWith "10.0.2") and (device.model -notContains "Virtual") and (device.model -notContains "Cloud PC")

Virtual Devices - All Windows OS:

(device.osVersion -startsWith "10.0.") and (device.model -contains "Virtual")

Virtual Devices - All Windows OS (Azure AD only):

(device.osVersion -startsWith "10.0.") and (device.model -eq "Virtual Machine")

Virtual Devices - Windows 10:

(device.osVersion -startsWith "10.0.1") and (device.model -contains "Virtual")

Virtual Devices - Windows 11:

(device.osVersion -startsWith "10.0.2") and (device.model -contains "Virtual")

Windows 365 Devices - All Windows OS:

(device.model -startsWith "Cloud PC")

Windows 365 Devices - Windows 10:

(device.osVersion -startsWith "10.0.1") and (device.model -startsWith "Cloud PC")

Windows 365 Devices - Windows 11:

(device.osVersion -startsWith "10.0.2") and (device.model -startsWith "Cloud PC")

Windows Out of Box (OOB) Devices:

(device.deviceName -startsWith "OOB")
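A way to dry-run the rules above against a small inventory before assigning them, as an added example that is not from the original post: a minimal Python evaluator covering only the operators these filters use, which shows for instance that the rule pairing "Hybrid Azure AD joined" with "Azure AD registered" also selects a registered personal device. Case-insensitive matching, `and` binding tighter than `or`, and the inventory rows are assumptions made for this illustration.

```python
import re
TOKEN = re.compile(r'"([^"]*)"|([()\[\],])|([-\w.]+)')  # string | bracket/comma | word
OPS = {"-eq": lambda a, b: a == b, "-ne": lambda a, b: a != b,
       "-in": lambda a, b: a in b, "-startswith": lambda a, b: a.startswith(b),
       "-contains": lambda a, b: b in a, "-notcontains": lambda a, b: b not in a}

def matches(rule, device):
    """True if the device record satisfies the rule (case-insensitive: an assumption)."""
    toks = [(m.lastindex == 1, m.group(m.lastindex).lower()) for m in TOKEN.finditer(rule)]
    toks.append((False, None))  # end marker so toks[0] is always safe to inspect
    dev = {k.lower(): str(v).lower() for k, v in device.items()}
    def value():  # a quoted string, or a ["a", "b"] list for -in
        is_str, text = toks.pop(0)
        if is_str:
            return text
        items = []
        while (tok := toks.pop(0)) != (False, "]"):
            if tok[0]:  # keep strings, skip commas
                items.append(tok[1])
        return items
    def term():
        if toks[0] == (False, "("):
            toks.pop(0)  # "("
            result = expr()
            toks.pop(0)  # ")"
            return result
        prop = toks.pop(0)[1].split(".", 1)[1]  # device.model -> model
        op = OPS[toks.pop(0)[1]]
        return op(dev.get(prop, ""), value())
    def chain(sub, word):  # sub (word sub)*; every operand is parsed so tokens stay aligned
        results = [sub()]
        while toks[0] == (False, word):
            toks.pop(0)
            results.append(sub())
        return results
    def expr():  # "and" binds tighter than "or" (assumption; the page's rules parenthesise)
        return any(all(group) for group in chain(lambda: chain(term, "and"), "or"))
    return expr()

# Constructed inventory for illustration; not real devices.
FIELDS = ("deviceName", "deviceTrustType", "osVersion", "model")
ROWS = [
    ("LAP-001", "Hybrid Azure AD joined", "10.0.22631.3447", "Latitude 7440"),
    ("BYOD-7", "Azure AD registered", "10.0.22621.3155", "Surface Laptop 5"),
    ("AADJ-3", "Azure AD joined", "10.0.19045.4291", "ThinkPad T14"),
    ("CPC-9", "Azure AD joined", "10.0.22631.3447", "Cloud PC Enterprise 2vCPU/8GB/128GB")]
def preview(rule):
    return [r[0] for r in ROWS if matches(rule, dict(zip(FIELDS, r)))]
```

Calling `preview()` with a rule string returns the names of the inventory rows it would select, which makes it easy to compare two similar-looking rules side by side.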

If your organization utilizes a distinct set of filters, feel free to share them in the comments section, and I will incorporate them into the blog post.

I hope you find this blog post useful.

4 Responses to "Efficiently Target Your Devices and Users with Intune Filters"

  1. Can I create a filter based on device enrollment date - the date the device was enrolled into Intune?
    $Device.enrolledDateTime ?

    1. Hi,
      There is no direct attribute available to create the device group or filter.
      You can use PowerShell/Graph to pull the devices based on the enrollment date and add them to the group.

      Thanks,
      Eswar

  2. Hello,

    Thanks for this great post. How can we achieve similar functionality to AD organizational units? We used to create SCCM collections based on AD OU (one OU per department/project), or can we achieve equivalent granularity in Intune?
