question

MartinRashed-3884 avatar image
0 Votes"
MartinRashed-3884 asked JamesTran-MSFT edited

Creating AAD Dynamic group targeting newly enrolled machines (not hybrid)


I want to run script ONLY on newly enrolled machines (no onPrem servers, I only have AAD and InTune)
i could not find any way to only target newly enrolled machines (either new machines or factory reset/SecureWiped)

I saw that there are Custom attributes when building the dynamic group rules, is there ANY way to reach my endgoal? Win10-21H2 machines

Any solution that meets my end goal is appreciated:
-Conditional Access custom device rule
-Dynamic AAD Group (custom rule,...)
-Else..

mem-intune-device-configurationsazure-ad-group-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered

@MartinRashed-3884, After going through the properties of Dynamic membership rules, I didn't find a property can filter the newly enrolled device. But only the enrolled devices. (by using enrollmentProfileName or managementType). If you want to filter the newly enrolled device, I think the device attribute like enrolled time needs to added into the dynamic membership rule. You need to feedback to AAD support to see if it can be added in the future.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

Currently, if we want to run script only on newly enrolled machine, as a workaround, we can create an assigned group to manually add these devices to make it work.

Hope it can help.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.