Microsoft Intune Feedback

Suggestion box powered by UserVoice

How can we improve Microsoft Intune

Support for Dynamic (User & Device) Groups

Providing support of dynamic groups for both users and devices. We heard a lot of feedback of customers which are looking for dynamic group support in Intune. Currently groups can be populated based on parent group inheritance or AD security groups. However this is limited to user objects only and doesn't support managed device/computer objects. Customers are looking for a more granular way to automatically populate groups to ease operational management.

192 votes
Sign in
Sign in with: Facebook Google Microsoft Intune
Signed in as (Sign out)
You have left! (?) (thinking…)
Ronny de Jong shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Microsoft Intune and EMS Conditional Access capabilities are both now Generally Available in the Azure portal. From this point forward, all new Intune and conditional access features will be delivered in the new portal, so keep an eye out.

We still have a very small number of customers who haven’t been migrated due to bugs on our side, and we’re fixing those as fast as we can. There are also accounts we haven’t migrated because they have configurations we can’t support in Azure. For more information, including how to tell if your account has been migrated, see But since we hit “GA”, we’ll call this complete.


Sign in
Sign in with: Facebook Google Microsoft Intune
Signed in as (Sign out)
  • Chad Simmons commented  ·   ·  Flag as inappropriate

    There is a definite need to be able to create dynamic user, device, and computer groups by any/all user/device attributes.

  • Marc V commented  ·   ·  Flag as inappropriate

    We would like this as well. We are in trial mode right now and this is a feature we really want in our environment.

    We currently are using SCCM 2007 and looking to see if switching to just an InTune standalone without a SCCM hybrid solution would work for us since we are a smaller org with under 1000 managed PCs. We are mainly looking into using InTune as a alternative to SCCM or SCCM/InTune hybrid.

    We are of course interested in the other nice features with users and mobile device management but our immediate need is PC device management and currently we use many dynamic collections in sccm and wanted to do the same or something similar in InTune and currently it does not look possible.


  • Thom McKiernan commented  ·   ·  Flag as inappropriate

    We use the computer name to enable us to manage our various tablet roles, e.g. POS-1234 for point of sale tablets or BOH-1234 for back office tablets.
    It would be great if I could set a rule to say "if Computer name starts POS* then add to "POS" group"
    Even better would be a rule "if Computer name starts POS-0001 to POS-0100 then add to "POS Pilot" group, else Add to "POS Rollout" group "

  • Kyle Townend commented  ·   ·  Flag as inappropriate

    Dynamic device groups based on device OS, version, etc would all be very useful. Additionally dynamic membership based on what user domain is assigned to a device. For example,'s devices all get moved to the SALES group to get Sales policies, and's devices all get moved to the ENGINEERING group, etc.

  • Gary Emmerton commented  ·   ·  Flag as inappropriate

    Definitely needed - the need to deploy correct policies to devices by dynamically adding them to the correct groups is essential, especially for Azure AD joined (i.e. not on-premise AD domain joined).

  • Track V commented  ·   ·  Flag as inappropriate

    Not being able to select AD security Groups or to create dynamic groups for DEVICES. This is a deal breaker.

    Microsoft Intune Developers - please create this feature A.S.AP.

  • Samir commented  ·   ·  Flag as inappropriate

    Devices group management has to be more flexible like having dynamic groups based on OS type for example. This way, you will be able to have a group for iOS, Android and let's say MDM managed Windows 10.

  • Takema Murata commented  ·   ·  Flag as inappropriate

    I strongly agree this idea! And also getting OU information from local AD is not dynamic too. Information acquisition of OU is only when enroll the device. Customer who managed Intune groups with OU criteria can't update OU rename and delete information into Intune Admin Console. By performing the information acquisition of OU more dynamically , operation becomes efficient.

  • Kellan commented  ·   ·  Flag as inappropriate

    I just had this discussion with the folks who manage our Azure AD deployment. The easiest thing to do is make the dynamic groups in AD. We are doing ours by the department field. From there you can link those dynamic groups to your Intune groups.

    I do agree though that having this functionality in Intune would be a bonus as Intune administrators don't always have access to modify groups in AD.

Feedback and Knowledge Base