Corporate-owned dedicated devices scope tag enrollment

Eduards 791 Reputation points
2021-02-01T10:10:24.343+00:00

Hello

I configured RBAC in Intune.

We have been managing kiosk devices and work-profile devices.

KIOSK administrators have the scope tag "kiosk device", and they can only operate with kiosk devices and can't see work-profile devices.

Problem.

When I enroll a new kiosk device, it is automatically assigned the default scope tag but not the "kiosk device" tag. In the Corporate-owned dedicated devices properties, under scope tags, I selected only "kiosk device".

So I enroll a kiosk device and it has the default scope tag, and the kiosk administrator doesn't see the device until I go to the Intune portal (as Intune administrator) and manually add the "kiosk device" tag to the device.

Could I automate this process?


Accepted answer
  1. Crystal-MSFT 50,331 Reputation points Microsoft Vendor
    2021-02-02T03:27:27.593+00:00

    @Eduards , Thanks for posting in our Q&A. From your description, I know we want to assign "kiosk device" tag to the Android devices which are enrolled with "Corporate-owned dedicated devices profile" after enrollment. If there's any misunderstanding, feel free to let us know.

    I notice we assigned the "Corporate-owned dedicated devices profile" with this tag. Based on my understanding, this is only for the profile. Not for the devices enrolled with this profile. To assign the tag to all the devices enrolled with this profile, we can follow the steps as below which I tested in my lab:

    1. Create a Dynamic group that includes all the devices that are enrolled with the "Corporate-owned dedicated devices profile". For example, in my lab, the profile is "test_Corp" and I set the Dynamic membership rule as (device.enrollmentProfileName -eq "test_Corp")
      https://learn.microsoft.com/en-us/mem/intune/enrollment/android-kiosk-enroll#create-a-device-group
    2. Assign the above device group with the scope tag "kiosk device".
    3. Then try to do the enrollment. After it is enrolled, we can see the tag has been assigned to this device.

    Hope it can help.


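The three steps in the accepted answer, scripted as an added example that is not part of the original thread or Microsoft's own code. It assumes the Microsoft Graph PowerShell SDK and the Graph beta endpoints for scope tags and managed devices; "test_Corp" and "kiosk device" come from the thread, and the group display name is hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Groups
$ProfileName  = 'test_Corp'                 # enrollment profile name from the answer's lab
$ScopeTagName = 'kiosk device'              # scope tag from the question
$GroupName    = 'Kiosk devices (dynamic)'   # hypothetical display name

Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'DeviceManagementRBAC.ReadWrite.All',
                        'DeviceManagementManagedDevices.Read.All'

# Step 1: dynamic device group keyed on the enrollment profile name.
$rule  = "(device.enrollmentProfileName -eq `"$ProfileName`")"
$group = Get-MgGroup -Filter "displayName eq '$GroupName'" | Select-Object -First 1
if (-not $group) {
    $group = New-MgGroup -DisplayName $GroupName `
        -MailEnabled:$false -MailNickname ('kiosk' + (Get-Random)) `
        -SecurityEnabled -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule -MembershipRuleProcessingState 'On'
}

# Step 2: look up the scope tag and assign it to the group.
$beta = 'https://graph.microsoft.com/beta/deviceManagement'
$tag  = (Invoke-MgGraphRequest -Method GET -Uri "$beta/roleScopeTags").value |
        Where-Object { $_.displayName -eq $ScopeTagName }
if (-not $tag) { throw "Scope tag '$ScopeTagName' not found." }

# Assumption to verify in a test tenant: the assign action sets the tag's whole
# group list, so add any groups that are already assigned to this tag.
$body = @{
    assignments = @(
        @{ target = @{
            '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
            groupId       = $group.Id
        } }
    )
} | ConvertTo-Json -Depth 5
Invoke-MgGraphRequest -Method POST -Uri "$beta/roleScopeTags/$($tag.id)/assign" `
    -Body $body -ContentType 'application/json'

# Step 3 (check, first result page only): devices enrolled with the profile
# that do not carry the tag yet and so stay hidden from the scoped kiosk admins.
$uri = "$beta/managedDevices" + '?$select=deviceName,enrollmentProfileName,roleScopeTagIds'
(Invoke-MgGraphRequest -Method GET -Uri $uri).value |
    Where-Object { $_.enrollmentProfileName -eq $ProfileName -and
                   $_.roleScopeTagIds -notcontains $tag.id } |
    ForEach-Object { "Missing '$ScopeTagName' tag: $($_.deviceName)" }
```

Dynamic membership is evaluated asynchronously, so a newly enrolled device can appear in the step 3 output for a while before the tag is applied.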

1 additional answer

  1. Eduards 791 Reputation points
    2021-02-02T11:15:14.613+00:00

    Hello, thank you for your answers.

    But at this moment I already have a device group called "KIOSK device", and all configuration profiles and applications are deployed to this group.

    I don't want to create a new group and then move all existing devices to that group, since it could ruin all the configuration.

    Is there a possibility to add the existing group? But the problem is that it's not a dynamic group...

    I can change the existing group to "Dynamic device".

    Will it not ruin all the configuration?

