When we use Intune in the new Azure portal (Ibiza), we want to take advantage of dynamic device groups.
In many cases we want to create a Device Configuration and deploy it to either personal or corporate devices. The easy way is to create two dynamic device groups.
One for personal devices:
PowerShell:
New-AzureADMSGroup -Description "All Personal Devices" -DisplayName "All Personal Devices" -MailEnabled $false -SecurityEnabled $true -MailNickname "Win" -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOwnership -eq "Personal")' -MembershipRuleProcessingState "On"
One for Company devices:
PowerShell:
New-AzureADMSGroup -Description "All Company Devices" -DisplayName "All Company Devices" -MailEnabled $false -SecurityEnabled $true -MailNickname "Win" -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOwnership -eq "Company")' -MembershipRuleProcessingState "On"
By request, I have updated this post to also include combined dynamic groups for personal or corporate devices. The following examples combine ownership with OS type.
All Personal iPad devices
New-AzureADMSGroup -Description "All Personal Ipad Devices" -DisplayName "All Personal Ipad Devices" -MailEnabled $false -SecurityEnabled $true -MailNickname "Win" -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOSType -eq "Ipad") -And (device.deviceOwnership -eq "Personal")' -MembershipRuleProcessingState "On"
All Personal Android devices
New-AzureADMSGroup -Description "All Personal Android Devices" -DisplayName "All Personal Android Devices" -MailEnabled $false -SecurityEnabled $true -MailNickname "Win" -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOSType -eq "Android") -And (device.deviceOwnership -eq "Personal")' -MembershipRuleProcessingState "On"
All Corporate iPad devices
New-AzureADMSGroup -Description "All Company Ipad Devices" -DisplayName "All Company Ipad Devices" -MailEnabled $false -SecurityEnabled $true -MailNickname "Win" -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOSType -eq "Ipad") -And (device.deviceOwnership -eq "Company")' -MembershipRuleProcessingState "On"
All Corporate iPhone devices
New-AzureADMSGroup -Description "All Company Iphone Devices" -DisplayName "All Company Iphone Devices" -MailEnabled $false -SecurityEnabled $true -MailNickname "Win" -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOSType -eq "Iphone") -And (device.deviceOwnership -eq "Company")' -MembershipRuleProcessingState "On"
All Corporate Android devices
New-AzureADMSGroup -Description "All Company Android Devices" -DisplayName "All Company Android Devices" -MailEnabled $false -SecurityEnabled $true -MailNickname "Win" -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOSType -eq "Android") -And (device.deviceOwnership -eq "Company")' -MembershipRuleProcessingState "On"
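The commands above can also be generated from one table, which avoids copy-and-paste drift in the membership rules. This is an added example, not part of the original post: it covers the full ownership by OS-type matrix (a superset of the groups listed above), skips groups that already exist, and derives a distinct MailNickname per group. The helper name `New-DeviceGroupSpec` is hypothetical, and the script assumes the AzureADPreview module and an existing `Connect-AzureAD` session.

```powershell
# Added example (not from the original post).
# Assumes: AzureADPreview module is loaded and Connect-AzureAD has been run.

$ownerships = 'Personal', 'Company'
$osTypes    = $null, 'Ipad', 'Iphone', 'Android'   # $null = ownership-only group

# Hypothetical helper: builds display name, nickname and rule for one group.
function New-DeviceGroupSpec {
    param([string]$Ownership, [string]$OsType)

    $clauses = @()
    if ($OsType) { $clauses += "(device.deviceOSType -eq `"$OsType`")" }
    $clauses += "(device.deviceOwnership -eq `"$Ownership`")"

    # e.g. "All Personal Ipad Devices" or "All Company Devices"
    $name = (@('All', $Ownership, $OsType, 'Devices') | Where-Object { $_ }) -join ' '

    [pscustomobject]@{
        DisplayName    = $name
        MailNickname   = ($name -replace '\s', '')   # constructed, one per group
        MembershipRule = $clauses -join ' -and '
    }
}

foreach ($ownership in $ownerships) {
    foreach ($os in $osTypes) {
        $spec = New-DeviceGroupSpec -Ownership $ownership -OsType $os

        # Display names are not unique in Azure AD, so a re-run would otherwise
        # create a second group with the same name and rule.
        $existing = Get-AzureADMSGroup -Filter "displayName eq '$($spec.DisplayName)'"
        if ($existing) {
            Write-Host "Skipping existing group: $($spec.DisplayName)"
            continue
        }

        New-AzureADMSGroup -DisplayName $spec.DisplayName `
            -Description $spec.DisplayName `
            -MailEnabled $false -SecurityEnabled $true `
            -MailNickname $spec.MailNickname `
            -GroupTypes 'DynamicMembership' `
            -MembershipRule $spec.MembershipRule `
            -MembershipRuleProcessingState 'On'
    }
}
```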
You use (device.deviceOwnership -eq “Corporate”)” in your examples, but that one is incorrect and should be (device.deviceOwnership -eq “”Company””)”
See https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal for the details
Hi Per,
Is there a way to create a dynamic group only for newly enrolled Windows 10 devices?
I am trying to deploy a PowerShell which should go only to newly enrolled devices.
What is the MailNickname used for? It seems it doesn’t need to be unique. I created multiple groups with the name MailNickname and also I don’t see a way to modify this via the GUI regardless. It’s also not asked for when you create the group in the GUI without using PowerShell