Share via

How to filter managed devices in Intune using Group Name via Graph API?

Ajay 20 Reputation points
2025-11-26T13:19:42.1966667+00:00

Hi everyone,

I’m trying to figure out whether it’s possible to filter managed devices in Intune based on an Azure AD / Entra ID group name directly through the Microsoft Graph API.

So far, I’m able to query devices using endpoints like:

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices

and I can filter on properties that exist directly on the managedDevice object (e.g., deviceName, operatingSystem, etc.). What I haven’t been able to determine is:

Is there a way to return only devices that belong to a specific Azure AD group using a $filter or related query parameter, using just Graph?

Ideally, I’d like to do something like:

GET /deviceManagement/managedDevices?$filter=groupName eq 'A'

…but from what I can tell, managedDevice doesn’t surface group membership information.

If filtering directly isn’t possible:

What’s the recommended approach for correlating devices with group membership?

Should I query the group’s members first and then match device IDs?

Does anyone have an example of how they’re doing this efficiently?

Any guidance, examples, or best practices would be really appreciated!

Thanks!

Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-11-26T13:19:53.68+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Currently, the Microsoft Graph API does not provide a direct way to filter managed devices by Azure AD group name within the managedDevice endpoint. The managedDevice object does not include group membership information, which means you cannot use a $filter query parameter to directly filter devices based on group names.

    1. Query the Group Members: First, you can retrieve the members of the Azure AD group using the following endpoint: 
         GET https://graph.microsoft.com/v1.0/groups/{group-id}/members
      This will return a list of users or devices that are members of the specified group.
    2. Match Device IDs: After obtaining the list of members, you can extract their IDs and then query the managed devices to find those that match the IDs of the group members. You can do this by querying the managedDevices endpoint and filtering based on the device IDs you retrieved from the group members.

    This two-step approach allows you to correlate devices with their respective group memberships effectively, even though it requires an additional query.

    Example Workflow:

    1. Get the group members: 
         GET https://graph.microsoft.com/v1.0/groups/{group-id}/members
    2. Extract the device IDs from the response.
    3. Query managed devices: 
         GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=id in ({device-id1}, {device-id2}, ...)

    This method ensures you can filter managed devices based on their group membership indirectly.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.