Is it possible to create a dynamic group using different elements (devices and users)?

Fabio Lira 25 Reputation points
2024-06-25T14:38:55.76+00:00

Hello everybody.

I need to create a dynamic group of devices, where all devices belonging to users in city X are automatically inserted into this dynamic group.

Is it possible? Or should I use another method to get the same result?

Note: I already have a dynamic group of users for each location.

Microsoft Security Microsoft Entra Microsoft Entra ID

Accepted answer
  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2024-06-26T07:33:36.3366667+00:00

    @Fabio Lira

    Thank you for posting this in Microsoft Q&A.

    As I understand, you want to create a dynamic rule for devices with respect to the user's city.

    This is not possible because you can create a dynamic group for devices or for users, but you can't create a rule that contains both users and devices.

    And also, you can't create a device group based on the user attributes of the device owner. Device membership rules can reference only device attributes.

    Below is the article that talks about device attributes that can be used to create dynamic rules for devices:

    https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#rules-for-devices

    To achieve your task, as Vasil Michev mentioned, you can populate any of the extension attributes for the devices and then use that extension attribute in your dynamic rule.

    When you look at the above article, extension attributes 1-15 are available for constructing a device dynamic rule.

    When using extensionAttribute1-15 to create Dynamic Groups for devices, you need to set the value for extensionAttribute1-15 on the device.

    The extensionAttributes property of the device entity is managed only in Microsoft Entra ID during device creation or update.

    Updating the extension attribute is not possible via the GUI.

    You can check the article below to update the extension attribute property on a device object in Azure.

    https://learn.microsoft.com/en-us/graph/api/device-update?view=graph-rest-1.0&tabs=http&preserve-view=true#example-2--write-extensionattributes-on-a-device

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
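
The workaround described in both answers, written as a Microsoft Graph PowerShell script. This is an added example, not code from either answer or from the linked articles; the city value, attribute slot, group name, mail nickname and requested scopes are assumptions to adapt.

```powershell
# Added example: copy a user's city onto the devices they own, then build a
# dynamic device group on that attribute. All values below are placeholders.
Import-Module Microsoft.Graph.Users, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Groups

$City      = 'CityX'                # placeholder city, as in the question
$Attribute = 'extensionAttribute1'  # any free slot from extensionAttribute1-15
$GroupName = "Devices - $City"      # hypothetical group name
$Nickname  = 'devices-cityx'        # hypothetical mail nickname (no spaces)

# Scopes are an assumption; confirm the permissions listed in the
# device-update article linked above before running in your tenant.
Connect-MgGraph -Scopes 'User.Read.All', 'Directory.AccessAsUser.All', 'Group.ReadWrite.All'

# 1. Find the users whose city attribute matches (single quotes are doubled
#    so a name such as O'Fallon does not break the OData filter).
$filterCity = $City.Replace("'", "''")
$users = Get-MgUser -Filter "city eq '$filterCity'" -All -Property Id, UserPrincipalName

# 2. Write the city into the chosen extension attribute of each owned device.
foreach ($user in $users) {
    $devices = Get-MgUserOwnedDevice -UserId $user.Id -All
    foreach ($device in $devices) {
        $body = @{ extensionAttributes = @{ $Attribute = $City } }
        try {
            # -DeviceId is the directory object id, not the deviceId GUID
            Update-MgDevice -DeviceId $device.Id -BodyParameter $body -ErrorAction Stop
            Write-Output "Tagged $($device.Id) (owner $($user.UserPrincipalName))"
        }
        catch {
            Write-Warning "Could not tag $($device.Id): $($_.Exception.Message)"
        }
    }
}

# 3. Create the dynamic device group; the rule references a device attribute only.
$rule = "(device.$Attribute -eq `"$City`")"
New-MgGroup -DisplayName $GroupName -MailNickname $Nickname `
    -MailEnabled:$false -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'
```

The attribute is a point-in-time copy of the user's city, so the script has to be re-run (and stale values cleared) when a user moves or a device changes owner. If the resulting group is used to target policy, treat write access to device extension attributes as equivalent to control over the group's membership.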


1 additional answer

  1. Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
    2024-06-25T16:57:17.45+00:00

    Rules for device groups can only use attributes on the device object itself, not any associated user. As a workaround, you can populate one of the extensionAttributeXX with the City value and use it as a basis for the device rule.

    1 person found this answer helpful.
