ability to hide Device Categories
I would like the ability to hide Device Categories. I use them with dynamic groups in order to provision devices. I have a standard group to 'build' a Kiosk device because Apple permissions force me install apps then give them permissions (such as camera). I then switch the category to something that has a KIOSK policy applied.
The issue is I really do not want the users seeing 30 categories when they enroll their devices.
Please add a check box that 'hides' the category during enrollment, but allows an admin to change to that category to get policies.
Yes, you can do this with Groups, but I do not want a Device Tech to have access to muck around in Azure group memberships.
We urgently need the ability to stop users seeing and changing Device Categories.
Please add this as soon as possible.
This is still a needed feature. Dynamic groups are the easiest way for us to administer in our specific scenarios - please make this happen.
yes I need this too !
I would be great to be able to filter device categories based on : device model and AAD groups for example.
I don't want to see "windows config" if I'm on a ipad.
I don't want to see "roadworks config" if I work in the financal team
As covered in other comments, allowing users to chose the categories is at best going to result in mistakes but at worst is a glaring security issue. The functionality clearly is ideal for organizing different 'builds' suited for different departments/functions but becomes unusable because some users are clearly going to choose to 'Executive' instead of 'Standard' for example to see if they can get extra stuff or in many cases just by mistake depending on your config.
I would like the ability to link device categories to either scopes och AAD user groups so that when users enroll a device they only see that catogory that is applied to them and not all 30 available categories.
You pick the category after you have installed the profile and all authentication is done so that link should be possible to make.
Device Category is probably the most effective method to categorize systems in a tenant for use with Dynamic Group Memberships. Having device categories visible and selectable by end users diminishes the integritiy in which dynamic joins can be perfomed for group assignments. Unless there is an alternative method, there is no good way to handle granular dynamic joins on a larger scale. Inputing device ID's or limiting it to enrollment types are either way too specific or way to broad.
In our environment, we have systems that we identify in Device Categories for test machines, finance machines, sales machines, and general use machines, and etc. The machines are dynamically assigned based on the device category we assign them. This allows for the ability to efficiently deploy policies, apps, test updates to the appropriate groups.
I also use categories in this way. Being able to hide them will eliminate so much confusion.
it would be awesome if we could use Scopes on Device Categories,
I dont use it has I dont want normal users to have the ability to select them.
But I would love my DEM accounts to be be able to select a category.
I would be better then assigning the device manually to a group.
Exactly! I use dynamic groups based on the category of a device to deploy different types of stuff. I don't want a user to be able to pick a wrong category.