Share via

I want to create a dynamic group which contains all windows 10/11 computers which are ServerAd trusted and are owned by the company

Killerbe 50 Reputation points
2023-10-06T13:20:45.16+00:00

This is the query i have created, but validation always includes Azure AD Registered machine which are definitely not owned by the company

(device.deviceTrustType -eq "ServerAd") -and (device.deviceOSType -eq "Windows") -and (device.deviceOwnership -eq "Company") -and (device.deviceOSVersion -startsWith "10.0.1") -or (device.deviceOSVersion -startsWith "10.0.2")
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Vasil Michev 119.7K Reputation points MVP Volunteer Moderator
    2023-10-06T17:11:14.76+00:00

    As you have two conditions for the deviceOSVersion property, you should add parenthesis around them to ensure proper processing:

    (device.deviceTrustType -eq "ServerAd") -and (device.deviceOSType -eq "Windows") -and (device.deviceOwnership -eq "Company") -and ((device.deviceOSVersion -startsWith "10.0.1") -or (device.deviceOSVersion -startsWith "10.0.2"))

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.