Azure AD: How to Create Device Groups and Apply Policy Profiles to Them


Intune uses Azure Active Directory (Azure AD) groups to manage devices and users. As an Intune admin, you can set up groups to suit your organizational needs. Create groups to organize users or devices by geographic location, department, or hardware characteristics.

This article shows how to configure the group types and how to configure some policies and apply them to a group.


Step 1: Create Assigned Group Device.

Assigned Group: Manually add users or devices into a static group.

Log in to Azure AD with the admin username and password.

Select Group > New Group.

Group type: select Security

Group name: enter a name for the group.

Membership type: select Assigned.

Members: click No members selected.

Add members: select the devices that have joined Azure AD to add them to the group. Click Select.

Finally click Create.

Step 2: Create Dynamic Group Device.

Dynamic Group Device: (Requires Azure AD Premium) Automatically add users or devices to user groups or device groups based on an expression you create.

Select Group > New Group.

Group type: select Security

Group name: enter a name for the group.

Membership type: select Dynamic Device.

Dynamic device members: click Add dynamic query.

Click Edit.

Add this query to the rule syntax section: device.deviceOSType -contains "Windows" (use straight double quotes). Click OK and click Save.

Finally click Create.

The group has been created.
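Before a restriction profile is assigned to a dynamic group, it helps to preview which devices the rule will pull in. The following is an added example, not part of the original article and not Azure AD's own evaluator: a simplified local model of single-clause device rules, run over a constructed inventory. The function names, the sample devices and the handling of missing properties are assumptions made for illustration.

```python
import re

# Single-clause rules only: device.<property> -<operator> "<value>"
RULE_RE = re.compile(r'^\s*\(?\s*device\.(\w+)\s+-(\w+)\s+"([^"]*)"\s*\)?\s*$')

# Operands are lower-cased before comparison, so matching is case-insensitive.
OPERATORS = {
    "eq": lambda actual, value: actual == value,
    "ne": lambda actual, value: actual != value,
    "contains": lambda actual, value: value in actual,        # substring match
    "notcontains": lambda actual, value: value not in actual,
    "startswith": lambda actual, value: actual.startswith(value),
}

def parse_rule(rule):
    """Return (property, operator, value) or raise ValueError."""
    match = RULE_RE.match(rule)
    if not match:
        raise ValueError(f"unsupported rule syntax: {rule!r}")
    prop, op, value = match.groups()
    if op.lower() not in OPERATORS:
        raise ValueError(f"unsupported operator: -{op}")
    return prop, op.lower(), value.lower()

def preview_members(rule, devices):
    """List the displayName of every device the rule would place in the group."""
    prop, op, value = parse_rule(rule)
    members = []
    for device in devices:
        actual = device.get(prop)
        # Assumption of this model: a device without the property never matches.
        if actual is not None and OPERATORS[op](str(actual).lower(), value):
            members.append(device["displayName"])
    return members

# Constructed inventory for illustration, not real tenant data.
SAMPLE_DEVICES = [
    {"displayName": "LAP-001", "deviceOSType": "Windows"},
    {"displayName": "LAP-002", "deviceOSType": "windows"},
    {"displayName": "PHN-001", "deviceOSType": "Android"},
    {"displayName": "MAC-001", "deviceOSType": "MacMDM"},
    {"displayName": "OLD-001", "deviceOSType": "WindowsPhone"},
    {"displayName": "UNK-001"},
]

RULE = 'device.deviceOSType -contains "Windows"'  # the rule from Step 2
```

Because -contains is a substring match, the rule from Step 2 also selects the constructed "WindowsPhone" device; swapping in -eq narrows the group to exact "Windows" values.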

Step 3: Create Profile Device Restrictions.

Navigate to Device > Configuration profiles > Create profile.

Platform: Windows 10 and later.

Profile type: Templates > Device restrictions. Click Create.

Name: Set the profile name. Click Next.

In the Control Panel and Setting section: scroll down to the Gaming section and select Block.

Scroll down to the Password section: select Require. You can customize the password type, complexity, … Click Next.

Next, select Add Group and select the device group you want to apply the profile to. Click Select, then Next.

Click Create.

Step 4: Check the result

To push the policy down to the device quickly, go to Device > All Device > select the device in the group > select Sync > Yes.

Or on the device with the policy applied, go to Settings > Account > Access work or school > click Info.

Scroll down and click Sync.

After a successful sync, check the applied policies.

Go to Settings: you will not see the Gaming section, because you have applied the Block Gaming policy.

Next is the Password section: when you change to a simple password, a warning asks you to set a strong password.
