Dynamic group of users with corporate Android devices

a.elhajhouj 0 Reputation points
2023-05-25T15:55:45.2733333+00:00

How do I create a dynamic group of "users" who have an enrolled corporate Android device?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-05-26T20:52:13.0133333+00:00

    Hi @a.elhajhouj, thanks for your follow-up comment. To create a dynamic user group, these steps should work. Please let me know otherwise.

    1. Sign in to the Azure Portal.
    2. Navigate to Azure Active Directory > Groups.
    3. Click on + New group.
    4. In the Group type field, select Security.
    5. Provide a name and description for the group.
    6. In the Membership type field, select Dynamic User.
    7. Click on Add dynamic query.

    Now, you need to create a dynamic membership rule to include users with corporate Android devices. Unfortunately, you cannot create a dynamic user group based on device attributes directly. However, you can create a dynamic device group with the desired attributes and then use that group to apply the Conditional Access policy.

    To create a dynamic device group for corporate Android devices, follow these steps:

    1. In the Membership type field, select Dynamic Device.
    2. Click on Add dynamic query.
    3. Enter the following rule in the Advanced rule box:

       (device.deviceOSType -eq "Android") -and (device.deviceOwnership -eq "Company")

    4. Click on Save and then Create to create the dynamic device group.

    Now that you have a dynamic device group for corporate Android devices, you can create a Conditional Access policy and target this group. Follow these steps:

    1. Navigate to Azure Active Directory > Security > Conditional Access.
    2. Click on + New policy.
    3. Provide a name for the policy.
    4. Under Assignments, select Users and groups.
    5. Under Include, click on Select users and groups and choose the dynamic device group you created earlier.
    6. Configure the rest of the policy settings as needed, such as the targeted cloud apps and access controls.
    7. Click on Create to save the policy.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    1 person found this answer helpful.
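
The dynamic device group from the answer above, scripted with the Microsoft Graph PowerShell SDK and followed by a report of the users registered on each member device. This is an added example, not part of the original answer; the group display name, description and mail nickname are assumptions, and the rule string is the one quoted in the answer.

```powershell
# Added example (not from the original answer). Requires the Microsoft.Graph
# PowerShell SDK (Groups and Identity.DirectoryManagement modules).
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Device.Read.All', 'User.Read.All'

# Membership rule copied from the answer above.
$rule = '(device.deviceOSType -eq "Android") -and (device.deviceOwnership -eq "Company")'
$name = 'Corporate Android devices'   # assumed display name

# Reuse the group if it already exists so the script is safe to re-run.
$group = Get-MgGroup -Filter "displayName eq '$name'" `
    -Property 'id,displayName,membershipRule' | Select-Object -First 1

if (-not $group) {
    $group = New-MgGroup -DisplayName $name `
        -Description 'Company-owned Android devices (dynamic membership)' `
        -MailEnabled:$false -MailNickname 'corp-android-devices' `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On'
}
elseif ($group.MembershipRule -ne $rule) {
    # Do not silently overwrite a rule someone else maintains.
    Write-Warning "Group '$name' exists with a different rule: $($group.MembershipRule)"
}

# Dynamic membership is evaluated asynchronously; a new group can stay empty
# for a while. Once populated, list each device and its registered users.
$report = foreach ($member in Get-MgGroupMember -GroupId $group.Id -All) {
    $device = Get-MgDevice -DeviceId $member.Id `
        -Property 'id,displayName,operatingSystem,deviceOwnership'
    $users = Get-MgDeviceRegisteredUser -DeviceId $member.Id -All

    [pscustomobject]@{
        Device          = $device.DisplayName
        OS              = $device.OperatingSystem
        Ownership       = $device.DeviceOwnership
        RegisteredUsers = ($users | ForEach-Object {
                               $_.AdditionalProperties['userPrincipalName']
                           }) -join ', '
    }
}

$report | Format-Table -AutoSize
```

Any row whose OS or Ownership column does not match the rule indicates stale membership that has not yet been re-evaluated.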

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
