Categorize devices into groups

Device categories allow you to easily manage and group devices in Microsoft Intune. Create a category, such as sales or accounting, and Intune will automatically add all devices that fall within that category to the corresponding device group in Intune. To enable categories in your tenant, you must create a category in the Microsoft Intune admin center and set up dynamic Azure Active Directory (Azure AD) security groups.

This article describes how to configure and edit device categories.

Configure device categories

You must be a Global Administrator or Intune Administrator to perform these steps.

Before you begin

Decide if it's necessary to show the device category selection prompt to end users when they visit the Company Portal app or website. If you don't want the prompt to be visible, block it in a customization profile first, and then create your categories.

Step 1: Create device category in Intune

  1. Sign in to the Microsoft Intune admin center.
  2. Choose Devices > Device categories.
  3. Select Create device category to add a new category.
  4. Enter the name of the new category, such as HR and an optional description.
  5. Select Next.
  6. Optionally, assign a scope tag, like US-NC IT Team or JohnGlenn_ITDepartment, to limit management of the category to specific IT groups. For more information about scope tags, see Use RBAC and scope tags for distributed IT.
  7. Select Next.
  8. Select Create. The new category is added to your Device categories list.

You'll use the device category name when you create Azure Active Directory (Azure AD) security groups in the next step.

Step 2: Create Azure AD security groups

To enable automatic grouping, you must create a dynamic group using attribute-based rules in Azure AD. For instructions, see Using attributes to create advanced rules in the Azure AD documentation. Create an advanced rule for your group using the deviceCategory attribute and the category name you created in Step 1 of this article.

For example, to create a rule that automatically groups devices belonging in the HR category, use the following rule syntax: device.deviceCategory -eq "HR"

View categories of all devices

To view the device category assigned to each device, go to Devices > All devices. The category is listed in the Device category column. To add the column to your table, select Columns, and then choose Category > Apply.

When you delete a category, devices assigned to it appear as Unassigned.

Change the category of a device

If you edit a category, be sure to update any Azure AD security groups that reference the category in their rules.

  1. In the admin center, go to Devices > All devices.
  2. Select a device.
  3. Select Properties.
  4. Change the category listed under Device category.
  5. Select Save.

Best practices

Device categories are supported on devices running Android, iOS/iPadOS, or Windows. People with Windows devices must use the Company Portal website to select their category. Regardless of platform, any device user can sign in to at anytime and go to My devices to select a category.

If an iOS/iPadOS or Android device is already enrolled before you configure categories, the user will receive a notification about the device the user owns on the Company Portal website. The notification informs them that they need to select a category the next time they're in the Company Portal app.