Device filters are currently in preview and needs to be activated before being able to use it.
This post will cover how to activate device filters and how to use them.
Microsoft Documentation on creating filters
Microsoft Documentation on where you can use filters
Microsoft Documentation on device properties in filters
What are device filters?
Device filters is a way of creating device groups based on filters (without the need of a group), allowing you to target specific devices by creating rule syntax for filtering devices based on certain attributes.
Why are we using device filters?
To make it easier to target the correct devices, instead of creating security groups and assigning devices to those security groups, we can create filters that achieve the same function without the need of new security groups. For example we only want to target a certain policy or application to iPhones, we would use a filter that collects all the iPhones.
When do we use device filters?
We use device filters when applying policies or applications that should only be targeted to specific devices. For example, we have a business application that we want to install on iPads that belongs to employees, we can then use a device filter to achieve this without the need of creating new security groups or manually assigning devices.
How do you activate device filters?
Go to Microsoft Endpoint
Click on Tenant administration and select Filters (preview).
Flip the switch to On.
How to create a device filter in Intune?
Now that you turned on the feature, we can start creating our filters.
Go to Microsoft Endpoint
- Click on Tenant administration – Filters.
- Click on Create.
- Fill in a filter name and description, select a Platform (In this example we will select iOS/iPadOS) Click Next.
- Next, create the rules for your filter. (In this example I have created a rule that collects all iOS devices that have a specific enrollment profile assigned to them.)
Rule syntax:
Property: enrollementProfileName
Operator: Equals
Value: “Your selected enrollementProfileName here”
Our filtering rules will now filter all devices that are iOS-based and have the profile “Your selected enrollementProfileName here” assigned to it. This allows us to target all iOS devices that only belong to the specific enrollment profile.
In the last step, review and click create, you are done with creating the filter.
How to use a device filter?
Let’s take an example of assigning a specific app to devices from our newly created device filter. We will assign the application Microsoft Defender Endpoint to all our employee’s devices that are iOS based.
Select the application from the Apps menu in the iOS section of Intune. Under properties click “Edit” on the Assignments. You should be able to see “Filter (preview)” next to your group, clicking on it brings up the menu allowing you to Include filtered devices in assignments. You will be able to select from a list of all your created filters.