Android Enterprise
      Back to home
      1. Help Center
      2. Android Enterprise

      How to create Entra dynamic groups for Android Enterprise enrolments?

      Overview

      This knowledge base article will demonstrate the steps on how to create Entra dynamic groups for the following enrolments:

      • Android Enterprise: Personally-owned devices with work profile (BYOD)
      • Android Enterprise: Corporate-owned dedicated devices (COSU)
      • Android Enterprise: Corporate-owned, fully managed user devices (COBO)
      • Android Enterprise: Corporate-owned devices with work profile (COPE)

      Agenda

      The following setup is covered here:

      • Dynamic group: Android Enterprise: Personally-owned devices with work profile (BYOD): Step 3
      • Dynamic group: Android Enterprise: Corporate-owned dedicated devices (COSU): Step 4
      • Dynamic group: Android Enterprise: Corporate-owned, fully managed user devices (COBO): Step 5
      • Dynamic group: Android Enterprise: Corporate-owned devices with work profile (COPE): Step 6

      Create a Entra dynamic group

      1. By navigating to Microsoft Intune portal, then select Groups.

      2. Select New group.

      3. For Android Enterprise: Personally-owned devices with work profile (BYOD):
      Group type: Security
      Group name: Personally-owned devices with work profile
      Group description: Personally-owned devices with work profile
      Membership type: Dynamic membership

       Select Add dynamic query, in the rule syntax: 
      (device.deviceOSType -eq "AndroidForWork") and (device.managementType -eq "MDM")

      Click Save. Then select Create. The dynamic group will populate with the devices enrolled under that profile.


      4. For Android Enterprise: Corporate-owned dedicated devices (COSU)
      Note: This is dependent on the given profile name created:


      Group type: Security
      Group name: Corporate-owned dedicated devices
      Group description: Corporate-owned dedicated devices
      Membership type: Dynamic membership

       Select Add dynamic query, in the rule syntax: 
      (device.enrollmentProfileName -eq "Corporate-owned dedicated devices")

      Click Save. Then select Create. The dynamic group will populate with the devices enrolled under that profile.

      5. For Android Enterprise: Corporate-owned, fully managed user devices (COBO):

      Note: This is dependent on the given profile name created:


      Group type: Security
      Group name: Corporate-owned, fully managed user devices
      Group description: Corporate-owned, fully managed user devices
      Membership type: Dynamic membership

       Select Add dynamic query, in the rule syntax: 
      (device.enrollmentProfileName -eq "Corporate-owned, fully managed user devices")


      Click Save. Then select Create. The dynamic group will populate with the devices enrolled under that profile.

      6. For Android Enterprise: Corporate-owned devices with work profile (COPE):

      Note: This is dependent on the given profile name created:


      Group type: Security
      Group name: Corporate-owned devices with work profile
      Group description: Corporate-owned devices with work profile
      Membership type: Dynamic membership

       Select Add dynamic query, in the rule syntax: 
      (device.enrollmentProfileName -eq "Corporate-owned, fully managed user devices")


      Click Save. Then select Create. The dynamic group will populate with the devices enrolled under that profile.

      7. Once all the groups have been created, assign them appropriately to.