This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Hi,
I would like to create a device dynamic group on Intunes with two requirements:
-the device name contains "device-"
-the device belong to intunes group
Intunes give me this rule syntax:
(device.displayName -contains "device-") and (device.objectId -eq "xxx-xxx-xxx-xxx-xxx")
(device.displayName -contains "device-") → OK, the rules matchs
(device.objectId -eq "xxx-xxx-xxx-xxx-xxx") → KO. I have indicated the objectId of my intunes group but I think that it is the property "device.objectId" that is not good.
Is there an alternative of "device.objectId" for groups?
I have consulted https://learn.microsoft.com/fr-fr/azure/active-directory/enterprise-users/groups-dynamic-membership but I have not found an answer.
Thank you
David
@David B
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 63%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Thank you for your support
The case can be solved.
@David B
Thank you for following up on this and I'm glad that you were able to resolve your issue!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
HI @David B - I think this is expected behavior for the preview nested group scenario.
Preview limitations of nested AAD groups - MemberOf can't be used with other rules. For example, a rule that states dynamic group A should contain members of group B and also should contain only users located in Redmond will fail.
I have noted this in the post as well -> https://www.anoopcnair.com/how-to-create-nested-azure-ad-dynamic-groups/
KR
Anoop
I think you need to use device.memberof -any (group.objectId -in ['value']) instead.
Thank you for your feedback
I tried this syntax rules but it doesnt work:
(device.displayName -contains "device-") and device.memberof -any (group.objectId -in "xxx-xxx-xxx-xxx-xxx")
I have this message: "Some items could not be displayed in the rule builder. ". It doesn't recognize "device.memberof" and "group.objectId"
I have only this choice + "extension attribut"
Hi there,
This article tells how to set up a rule for a dynamic group in the Azure portal. Dynamic membership is supported for security groups and Microsoft 365 Groups.
Create or update a dynamic group in Azure Active Directory https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-create-rule
Dynamic groups require Azure AD Premium P1 license or Intune for Education license.
Add groups to organize users and devices https://learn.microsoft.com/en-us/mem/intune/fundamentals/groups-add
------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer–