The WMI filters use a query to scope down the Group Policy Object applicability. If you haven’t used Windows Management Instrumentation (WMI) filters before, they show up in Group Policy Management at the bottom, between Group Policy Objects and Starter GPOs. Domain Controller / Non-Domain Controller.More likely than not, if you’re using Group Policy to push out software installation or registry entries to client machines or servers on the domain, the particular policy settings may be different depending on the OS version or architecture.Įxamples, Group Policy Objects may need to be filtered by: User.assignedPlans -any (rvice -eq “MicrosoftPrint” -and assignedPlan.NOTE: Updated to include Windows Server 2019 User.assignedPlans -any (rvice -eq “YammerEnterprise” -and assignedPlan.capabilityStatus -eq “Enabled”)Īll users with MicrosoftPrint license assigned and enabled. ![]() USER.ASSIGNEDPLANS -ANY (ASSIGNEDPLAN.SERVICEPLANID -EQ “c1ec4a95-1f05-45b3-a911-aa3fa01094f5” -and assignedPlan.capabilityStatus -ne “Disabled”)Īll users with Yammer Enterprise license assigned and enabled. comĪll Users with a Intune license thats not disabled. User.assignedPlans -any (rvice -eq “SCO” -and assignedPlan.capabilityStatus -eq “Enabled”)Īll users with an email that contains. Name of the Autopilot enrollment profile. (device.enrollmentProfileName -eq “APHybridJoin”) (vicePhysicalIds -any _ -eq “:SelfDeploying”)Īutopilot devices that have been enrolled using a specific enrollment profile If you want to create a dynamic group only containing one specific device you can specify the ZTDid for that device.Īutopilot devices with a specific OrderID (Group Tag) (vicePhysicalIDs -any _ -contains “”)Ī specific device thats autopilot registered (viceOSType -eq “MacMDM”) -and (viceOwnership -eq “Company”) (viceOSType -eq “IPhone”) -and (viceOwnership -eq “Company”) (viceOSType -eq “IPhone”) -and (viceOwnership -eq “Personal”) (viceOSType -eq “iPad”) -and (viceOwnership -eq “Company”) (viceOSType -eq “iPad”) -and (viceOwnership -eq “Personal”) Update the rule with the same name you gave your enrollment profile (device.enrollmentProfileName -contains “Dedicated”) (viceOSType -eq “AndroidEnterprise”) -and (viceOwnership -eq “Company”)Īll Android devices enrolled with a specific profile name ![]() (viceOSType -match “AndroidEnterprise”)Īll company owned Android Enterprise devices (viceOSType -eq “Android”) -and (viceOwnership -eq “Company”) (viceOSType -eq “Windows”) -and (viceOwnership -eq “Personal”) (viceOSType -eq “Windows”) -and (viceOwnership -eq “Company”) Microsofts documenation on dynamic groups: This can cause some confusion and I won’t go in to details in this post instead I just want to post “working” queries you can just copy and paste. Dynamic queries use the Microsoft Graph but not everthing is exposed even tho you can find in it Graph. ![]() Microsoft provides a lot of good examples and explenations on how the query format should look like. I will continuesly update this list with my own queries and from others in the community who would like to share them. With that I wanted to create an overview of queries I often use when working with customers and hopefully there are more people who could find this useful. Managing devices and users in your or customer enviroment but it’s not always that easy to get the queries right and also find out what to query at times (speaking from my own experience). ![]() Dynamic Azure AD groups for Microsoft Endpoint Manager administrators is an important part of
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |