In the Azure Active Directory (AzureAD) Preview portal it is possible to create dynamic groups for users and devices based on attributes. In this blog post I will show how to create a dynamic group for every Windows 10 Build that has been released at this moment.

 

First you need to find out what information you need in your groups.

I my case I what to create dynamics groups based on what build version there are installed on the devices I have in Azure AD. The I can assign policy, settings, applications etc. from my Microsoft Intune portal.

If I go inside my Intune management portal in Azure –>  Devices –> All Devices then I can see the OS Version number.

Now I can create some powershell commandlines to get my dynamic groups created.

First I need to run this to connect to my AzureAD

$AzureAdCred = Get-Credential
Connect-AzureAD -Credential $AzureAdCred

The I have to login with a account in AzureAD with rights to create groups.

Then I can use the Command-let New-AzureADMSGroup

New-AzureADMSGroup -Description “All Windows 10 1507 – MDM” -DisplayName “All Windows 10 1507 – MDM” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSVersion -contains “”10.0.10240″”)” -MembershipRuleProcessingState “On”
New-AzureADMSGroup -Description “All Windows 10 1511 – MDM” -DisplayName “All Windows 10 1511 – MDM” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSVersion -contains “”10.0.10586″”)” -MembershipRuleProcessingState “On”
New-AzureADMSGroup -Description “All Windows 10 1607 – MDM” -DisplayName “All Windows 10 1607 – MDM” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSVersion -contains “”10.0.14393″”)” -MembershipRuleProcessingState “On”
New-AzureADMSGroup -Description “All Windows 10 1703 – MDM” -DisplayName “All Windows 10 1703 – MDM” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSVersion -contains “”10.0.15063″”)” -MembershipRuleProcessingState “On”

The result of the powershell commands

Create Groups.PNG

And now we can also find the newly created groups in AzureAD ready to use.

Dynamic Windows Groups 01.png