I need to add Dynamic user groups in Assignments for our LAPS deployment in Intune

Muhammad Zeeshan 100 Reputation points
2024-09-02T12:31:30.02+00:00

I need to add dynamic user groups in Assignments for our LAPS deployment for Intune. Should that work, because we don't have dynamic device groups in Intune?

Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.

5 answers

  1. Aleksandr Kolesnikov 486 Reputation points
    2024-09-02T13:46:18.1333333+00:00

    Hi @Muhammad Zeeshan

    According to Microsoft's description, they recommend user device groups but are not limited to that.

    For Assignments, select the groups to receive this policy. We recommend assigning LAPS policy to device groups. Policies assigned to user groups follow a user from device to device. When the user of a device changes, a new policy might apply to the device and introduce inconsistent behavior, including which account the device backs up or when the managed accounts password is next rotated.

    Refer to Create a LAPS policy

    Best regards,

    Aleksandr


    If the response is helpful, please click "Accept Answer" and upvote it.


  2. ZhoumingDuan-MSFT 12,415 Reputation points Microsoft Vendor
    2024-09-03T01:21:42.6533333+00:00

    @Muhammad Zeeshan, Thanks for posting in Q&A.

    From your description, I know you want to create a dynamic user group and apply it to the LAPS policy assignment.

    Based on my research, here is a link about how to create Dynamic membership rules for groups in Microsoft Entra ID.

    https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership

    However, as @Aleksandr Kolesnikov mentioned, Microsoft's official documentation recommends using device groups, so it is suggested that you create a dynamic device group and apply it to the LAPS policy.

    For creating a dynamic device group, you can refer to the link below.

    https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#rules-for-devices

    Hope the above information is helpful.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Muhammad Zeeshan 100 Reputation points
    2024-09-03T06:18:57.99+00:00

    Hi @ZhoumingDuan-MSFT @Aleksandr Kolesnikov. Actually, I don't have dynamic device groups; we only have dynamic user groups, one per physical location.
    What I need now is to deploy LAPS on a region (location) basis. How can I apply the LAPS policy to devices on a location basis? We have 20 dynamic user groups (location-based), and I need to deploy LAPS on devices on a location basis, in chunks, as per instructions.


  4. Aleksandr Kolesnikov 486 Reputation points
    2024-09-03T06:32:41.16+00:00

    Hi @Muhammad Zeeshan

    You can assign to your 20 dynamic user groups. Just keep in mind that policy settings applied to user groups always go with the user, and go with the user when signed in to their many devices.

    In this case try to apply filters to target devices with a specific OS version or a specific manufacturer, target only personal devices or only organization-owned devices, and more.

    Also, have a look at the Scope tags. It might be useful for you.

    Best regards,

    Aleksandr


    If the response is helpful, please click "Accept Answer" and upvote it.


  5. Muhammad Zeeshan 100 Reputation points
    2024-09-03T07:04:59.5466667+00:00

    So is it possible to create dynamic groups using the current dynamic user location groups?
    For example, we have two locations:
    Norway - users
    Germany - users

    So I want to create device groups, such as Norway devices, instead of adding devices manually.

