As you are probably already aware, Azure AD allows you to create user or device groups with dynamic membership.
Well, the attributes available for creating a device dynamic group have been extended and now allow you to use:
- deviceManagementAppId: defines the MDM application ID in Azure AD. If you use Intune, the Azure App ID is 0000000a-0000-0000-c000-000000000000, which makes the membership rule look like this: device.deviceManagementAppId -eq "0000000a-0000-0000-c000-000000000000". For SCCM co-management it should be 54b943f8-d761-4f8d-951e-9cea1846db5a
- deviceTrustType: defines whether the device is AAD Joined, Hybrid AAD Joined or registered. Values can be either AzureAD, ServerAD (for Active Directory joined devices, including servers) or Workplace
- extensionAttribute1 to 15
- profileType: defines a valid profile type in AAD. Possible values are RegisteredDevice (default), SecureVM, Printer, Shared, IoT
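
As an added example (not part of the original post), the script below combines these attributes into membership rules and creates the corresponding dynamic device groups with the Microsoft Graph PowerShell SDK. The group names and the extensionAttribute1 value "Kiosk" are hypothetical; it assumes the Microsoft.Graph.Groups module is installed and the signed-in account can create groups.

```powershell
# Added example: create dynamic device groups from the attributes listed above.
# Group names and the "Kiosk" tag are hypothetical placeholders.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$intuneAppId = '0000000a-0000-0000-c000-000000000000'  # Intune (from the post)
$sccmAppId   = '54b943f8-d761-4f8d-951e-9cea1846db5a'  # SCCM co-management (from the post)

$groups = @(
    @{  # Azure AD joined devices managed by Intune
        Name = 'DYN-Devices-Intune-AADJoined'
        Rule = '(device.deviceManagementAppId -eq "{0}") -and (device.deviceTrustType -eq "AzureAD")' -f $intuneAppId
    },
    @{  # Hybrid joined devices that are co-managed through SCCM
        Name = 'DYN-Devices-CoManaged-Hybrid'
        Rule = '(device.deviceManagementAppId -eq "{0}") -and (device.deviceTrustType -eq "ServerAD")' -f $sccmAppId
    },
    @{  # Registered (Workplace) devices with the default profile type
        Name = 'DYN-Devices-Registered'
        Rule = '(device.deviceTrustType -eq "Workplace") -and (device.profileType -eq "RegisteredDevice")'
    },
    @{  # Devices tagged through an extension attribute
        Name = 'DYN-Devices-Kiosk'
        Rule = '(device.extensionAttribute1 -eq "Kiosk")'
    }
)

foreach ($g in $groups) {
    # Skip groups that already exist so the script can be re-run safely.
    if (Get-MgGroup -Filter "displayName eq '$($g.Name)'") {
        Write-Warning "Group '$($g.Name)' already exists, skipping."
        continue
    }

    $params = @{
        DisplayName                   = $g.Name
        MailNickname                  = $g.Name
        MailEnabled                   = $false
        SecurityEnabled               = $true
        GroupTypes                    = @('DynamicMembership')
        MembershipRule                = $g.Rule
        MembershipRuleProcessingState = 'On'
    }
    $created = New-MgGroup @params
    Write-Output ("Created {0} ({1}) with rule: {2}" -f $created.DisplayName, $created.Id, $g.Rule)
}
```

Membership is evaluated asynchronously, so a newly created group may stay empty for a while before devices appear in it.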
Enjoy these new attributes for dynamic group membership