
Azure AD – New device attributes are available for use for dynamic group membership

As you are probably already aware, Azure AD allows you to create user or device groups with dynamic membership.

Well, the attributes available for creating a device dynamic group have been extended and now allow you to use:

  • deviceManagementAppId: defines the MDM application ID in Azure AD. If you use Intune, the Azure App ID is 0000000a-0000-0000-c000-000000000000, so the membership rule looks like this: device.deviceManagementAppId -eq "0000000a-0000-0000-c000-000000000000". For SCCM co-management it should be 54b943f8-d761-4f8d-951e-9cea1846db5a
  • deviceTrustType: defines whether the device is AAD Joined, Hybrid AAD Joined or registered. Values can be either AzureAD, ServerAD (for Active Directory joined devices, including servers) or Workplace
  • extensionAttribute1 to 15
  • profileType: defines a valid profile type in AAD. Possible values are RegisteredDevice (default), SecureVM, Printer, Shared, IoT
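
The attributes above can be combined into rules and deployed in one pass. The following is an added example, not part of the original post: it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups) and uses hypothetical group names.

```powershell
# Added example. Assumes the Microsoft.Graph.Groups module is installed
# and the signed-in account is allowed to create groups.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$intuneAppId = '0000000a-0000-0000-c000-000000000000'   # Intune MDM app ID (from the post)
$sccmAppId   = '54b943f8-d761-4f8d-951e-9cea1846db5a'   # SCCM co-management app ID (from the post)

# Hypothetical group names mapped to membership rules built from the new attributes.
$groups = [ordered]@{
    'DYN-Devices-AADJ-Intune'     = "(device.deviceTrustType -eq `"AzureAD`") -and (device.deviceManagementAppId -eq `"$intuneAppId`")"
    'DYN-Devices-Hybrid-CoManaged' = "(device.deviceTrustType -eq `"ServerAD`") -and (device.deviceManagementAppId -eq `"$sccmAppId`")"
    'DYN-Devices-Registered'      = 'device.deviceTrustType -eq "Workplace"'
    'DYN-Devices-SharedProfile'   = 'device.profileType -eq "Shared"'
}

foreach ($name in $groups.Keys) {
    # Do not create a duplicate if a group with this display name already exists.
    if (Get-MgGroup -Filter "displayName eq '$name'") {
        Write-Host "Skipping existing group: $name"
        continue
    }

    New-MgGroup -DisplayName $name `
        -MailEnabled:$false `
        -MailNickname ($name -replace '[^A-Za-z0-9]', '') `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $groups[$name] `
        -MembershipRuleProcessingState 'On' | Out-Null

    Write-Host "Created $name with rule: $($groups[$name])"
}
```

Note the straight double quotes inside each rule: curly quotes pasted from a web page are rejected by the rule parser.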

Enjoy these new attributes for dynamic group membership

