Usage of filters with Intune policy assignments

by | Intune, Cloud

Create a filter in Intune for policy assignment to streamline the management of targeted devices efficiently. This document titled Usage of filters with Intune policy assignments offers comprehensive guidance on implementing filters effectively to enhance policy deployment accuracy. By leveraging filters within Intune, administrators can tailor policy assignments with precision, optimizing device configurations to align with organizational requirements.

In this post I am going to discuss on usage of filters with Intune policy assignments. With usage of filters, we can narrow down the assignment of Intune policies with a specific condition, hence allowing us to validate the condition before offering the policy to the device or user. Let’s discuss this in detail.

Table Of Contents
  1. What are Filters
  2. What are the benefits of using Filter
  3. Important things to know about Filters
  4. Create the filter
  5. Use Filter with assignment
  6. Important Links

What are Filters

Filters are the specific conditions created for devices or Apps. Let’s say, a condition to get all Dell Devices only, other example could be OS version with Windows 11 24H2 only. You can create the filters which further be used with Intune policy assignment to narrow down the scope to specific condition only.

What are the benefits of using Filter

You might be wondering what special it is to use the filter. The above-mentioned example which I provided, can also be achieved by creating Dynamic group of specific Dell device model or specific OS version. But here is the benefit of using the filter:

  • Filters are applied on the go. When you assign the policy to a specific group along with the Filter condition, the policy is only offered to those devices when the filter condition is met.
  • You can avoid creating multiple Dynamic groups: Though dynamic group might serve the same purpose as Filter at first glance, however with multiple dynamic groups created in your Intune environment can slow down the processing of dynamic groups rules. As your environment grows further with 100’s of groups, the deployment, processing everything slows down as the conditions will be evaluated for each group quite frequently. Rather than having so many dynamic groups, let’s keep dynamic groups less and simple and create Filters instead.
  • Filters can be re-used with multiple assignments: It can be used with multiple policy assignments, whether it is Windows Update ring, Configuration profile, apps etc.

Important things to know about Filters

  • You can have upto 200 filters in Intune tenant.
  • Filters can be used for Managed devices and Managed apps both.
  • Filters can be used with “Include” or “Exclude” mode depending upon what you want to achieve with it.

Create the filter

Let’s create the filter based upon device Manufacturer ie. “Dell”.

Create filter
  • Specify the name as “Dell Devices” and select Platform as “Windows 10 and later”
  • Under the rules you have multiple properties to choose, these properties are as follows:
    • Device name
    • Manufacturer
    • Model
    • Device category
    • OS version
    • Operating System version
    • Ownership
    • Enrollment profile name
    • Microsoft Entra Join Type
    • Operating System SKU
    • CPU Architecture
Create filter rule
  • Select Property as manufacturer, specify Operator as “Equals” and Value as “Dell Inc.”

You can choose various Operator to match the condition such as Equals, NotEqusls, StartsWith, Contains, NotContains, In, NotIn etc.

You have option to Filter the preview so as you can validate the results, click Next to finalise creation of filter.

Use Filter with assignment

Let’s select any existing application to select its assignment. For one of my application, I have targeted it to “All devices”, but now I want this to only be targeted on Dell devices. Hence, I will be selecting “Filter mode”, and will select Include “filtered devices in assignment”. This will show me list of existing filters, as I have one already created, will select “Dell Devices”

Filter mode assignment

Once filter is selected, we can see Filter mode as “Include” and Filter name as “Dell Devices”

Filter selected

We are now ready to deploy the app which will only target to Dell devices only. Once the policy is received, all other Non-Dell devices will reject this policy and will be marked as Not applicable.

Important Links

https://learn.microsoft.com/en-us/mem/intune-service/fundamentals/filters

https://learn.microsoft.com/en-us/mem/intune-service/fundamentals/filters-device-properties

Discover more from SCCM | Intune | Device Management| Enterprise Mobility & Security

Subscribe to get the latest posts sent to your email.

Leave a Reply