Windows Autopilot / Creating a Dynamic Security Group for Autopilot Devices

Sign in to the Microsoft Endpoint Manager Admin Center: https://endpoint.microsoft.com
We need to create an Autopilot device group. We can do this through Intune.
Select ‘Groups’ on the left-hand side and then select ‘New Group’:

Make sure that the Group Type is ‘Security’
Name the group ‘Autopilot Devices’
‘Azure AD roles can be assigned to the group’ needs to be disabled if not already.
Select an Owner. The Owner will be able to delete the group.
Select Membership type to be a ‘Dynamic Device’.
Dynamic Group: This automatically adds users or devices to user groups or device groups based on an expression you create.
Then select ‘Add Dynamic Query’, then ‘Edit’ next to Rule Syntax.

This allows us to create rules using Autopilot device attributes. Autopilot devices that meet these rules are automatically added to the group.
The following expression will create a group that will include all Autopilot Devices:


• (device.devicePhysicalIDs -any (_ -contains "[ZTDID]"))

ZTDID: This is a generated unique ID known as the Zero Touch Device ID (ZTD was Microsoft's codename for Windows Autopilot). It is assigned to a device when the device is imported into Intune under Windows Autopilot Devices in Endpoint Manager, and it is the value the rule above matches on in the device's devicePhysicalIDs attribute.

Add this expression into the Rule Syntax box:

Then select ‘Create Group’
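The same group can be created from Microsoft Graph PowerShell instead of the portal, which is handy when the steps above have to be repeated across tenants. The script below is an added example, not code from the original page; it assumes the Microsoft.Graph.Groups and Microsoft.Graph.Users modules are installed, that the signed-in account may create groups, and that `owner@contoso.example` is replaced with a real owner UPN (placeholder). Every setting from the walkthrough is mapped onto a `New-MgGroup` parameter, and the stored rule is read back at the end to confirm the quotes survived.

```powershell
# Added example (not from the original page): create the 'Autopilot Devices' dynamic
# security group with Microsoft Graph PowerShell instead of the Endpoint Manager portal.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

# Same rule as the portal walkthrough. Single quotes keep the inner double quotes literal.
$rule = '(device.devicePhysicalIDs -any (_ -contains "[ZTDID]"))'

$params = @{
    DisplayName                   = "Autopilot Devices"
    MailEnabled                   = $false
    MailNickname                  = "AutopilotDevices"     # Graph requires a nickname even for security groups
    SecurityEnabled               = $true                  # Group Type = Security
    GroupTypes                    = @("DynamicMembership") # Membership type = Dynamic Device
    MembershipRule                = $rule
    MembershipRuleProcessingState = "On"                   # "Paused" would create the group without evaluating the rule
    IsAssignableToRole            = $false                 # 'Azure AD roles can be assigned to the group' = No
}

# Do not create a duplicate if the group is already there
$group = Get-MgGroup -Filter "displayName eq 'Autopilot Devices'"
if ($group) {
    Write-Host "Group already exists: $($group.Id)"
} else {
    $group = New-MgGroup @params
    Write-Host "Created group $($group.DisplayName) ($($group.Id))"
}

# Select an Owner (the owner can delete the group). Placeholder UPN, replace before running.
$owner = Get-MgUser -UserId "owner@contoso.example"
New-MgGroupOwnerByRef -GroupId $group.Id -BodyParameter @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/users/$($owner.Id)"
}

# Read back what Entra ID stored; the rule text should match $rule exactly
Get-MgGroup -GroupId $group.Id -Property "displayName,membershipRule,membershipRuleProcessingState" |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

The read-back at the end is the check worth keeping: a rule that was pasted with curly quotes, or saved with processing set to Paused, creates a group that never populates, and neither mistake is obvious from the group list in the portal.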

Notes:
Using dynamic groups can be useful if you plan to use the same Autopilot profile for all devices that are to be enrolled within your organisation. However, in some cases this may not be ideal. You can create several Autopilot profiles and then manually assign devices to those profiles/groups based on your preferences.

For new Dynamic Groups, it may take up to 24 hours before the first dynamic membership check is performed.

See: https://learn.microsoft.com/en-gb/azure/active-directory/enterprise-users/groups-create-rule?WT.mc_id=Portal-Microsoft_AAD_IAM#check-processing-status-for-a-rule

You can validate your rules for Dynamic groups:

I have imported this VMware Workstation into Autopilot Devices. I am waiting for the dynamic group to catch up and add the workstation. By validating rules, I have confirmed that the dynamic group is working, but it is just going to take time.
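Beyond the portal's 'Validate rules' button, the practical question while waiting is which imported Autopilot devices have already landed in the group and which have not. The script below is an added example, not code from the original page; it assumes the Microsoft.Graph.Groups, Microsoft.Graph.Identity.DirectoryManagement and Microsoft.Graph.DeviceManagement.Enrollment modules, and an account with read access to groups, devices and the Autopilot service configuration. It lists every Autopilot identity, resolves it to its Entra device object, shows whether that object carries a `[ZTDID]` physical ID (the value the rule matches on) and whether it is a member of the group yet.

```powershell
# Added example (not from the original page): compare Windows Autopilot device identities
# with the current members of the 'Autopilot Devices' dynamic group.
Connect-MgGraph -Scopes "Group.Read.All", "Device.Read.All", "DeviceManagementServiceConfig.Read.All"

$group = Get-MgGroup -Filter "displayName eq 'Autopilot Devices'"
if (-not $group) { throw "Group 'Autopilot Devices' not found" }

# Directory object ids of everything currently in the group
$memberIds = @(Get-MgGroupMember -GroupId $group.Id -All | Select-Object -ExpandProperty Id)

# Every hardware hash imported under Windows Autopilot Devices
$autopilot = Get-MgDeviceManagementWindowsAutopilotDeviceIdentity -All

$report = foreach ($ap in $autopilot) {
    # The Autopilot record carries the Entra deviceId, not the directory object id,
    # so resolve the device object first. A device that has not registered yet returns nothing.
    $device = Get-MgDevice -Filter "deviceId eq '$($ap.AzureActiveDirectoryDeviceId)'" `
                           -Property "id,displayName,physicalIds"

    # physicalIds entries look like "[ZTDID]:<guid>"; StartsWith avoids -like treating
    # the square brackets as a wildcard character class
    $ztdid = @($device.PhysicalIds | Where-Object { $_.StartsWith("[ZTDID]") })

    [pscustomobject]@{
        SerialNumber = $ap.SerialNumber
        DeviceName   = $device.DisplayName
        HasZtdid     = $ztdid.Count -gt 0
        InGroup      = [bool]($device -and ($memberIds -contains $device.Id))
    }
}

$report | Format-Table -AutoSize

# Devices that carry the ZTDID but are not yet members are simply waiting on membership
# processing; a device with HasZtdid = False will never match this rule and needs looking at.
$report | Where-Object { $_.HasZtdid -and -not $_.InGroup } |
    ForEach-Object { Write-Host "Pending membership: $($_.SerialNumber)" }
```

Run it once after the import and again after the processing window: a row that stays at HasZtdid = True, InGroup = False for more than the documented delay points at the group (rule text or paused processing) rather than at the device.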
