How to create a dynamic group in Azure for a servers in APAC, EMEA and AME region in an organization?

Nishant Potdar 81 Reputation points
2022-11-15T05:17:56.277+00:00

Hi All,

I want to create dynamic Azure groups for the servers located under APAC, EMEA, and AME regions in my organization. So that all servers in the respective areas can be sorted out and be found in a lesser time.

I didn't find anything like DeviceRegion something in the properties while creating the rule. I believe, extension attributes can be used to define and map the value.

Kindly guide.

Thanks in Advance.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,514 questions
{count} votes

Accepted answer
  1. Harpreet Singh Matharoo 7,621 Reputation points Microsoft Employee
    2022-11-15T08:55:08.18+00:00

    Hello @Nishant Potdar

    I would like to share following details to answer your query.

    • Easiest way to accomplish your ask would be to have a naming convention which would include initials for Device region like "AP for APAC", "EM for EMEA" and "AM for AME". Example name: AP-Device0123. Later you can create group with rule similar to listed as below:

    (device.displayName -contains "AP-") or (device.displayName -contains "EM-") or (device.displayName -contains "AM-")

    • If you wish you to do using Extension attribute then we can do this as well however please note, for this to be successful you would need to have device enrolled in Intune. For more details about extension attribute please review following: Policy behavior with filter for devices

    To publish extension attributes on Azure AD Device you would need to perform an PATCH query using Graph to add value to selected extenstion attribute

    PATCH https://graph.microsoft.com/v1.0/devices/{Device-Object-ID}

    Pass the JSON body as below:
    {
        "extensionAttributes": {
            "extensionAttribute1": "APAC"
        }
    }

    Once the value is supplied you can then make a Dynamic membership rule like (device.extensionAttribute1 -eq 'APAC') or (device.extensionAttribute1 -eq 'EMEA') or (device.extensionAttribute1 -eq 'AME').

    I hope this helps and resolves your query.

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful