Categorize devices into groups
To make managing devices easier, you can use Microsoft Intune device categories to automatically add devices to groups based on categories that you define.
Device categories use the following workflow:
- Create categories that users can choose from when they enroll their device.
- When users of iOS/iPadOS and Android devices enroll a device, they must choose a category from the list of categories you configured. To assign a category to a Windows device, users must use the Company Portal website.
- You can then deploy policies and apps to these groups.
You can create any device categories you want. For example:
- Point-of-sale device
- Demonstration device
How to configure device categories
Step 1: Create device categories on the Intune blade of the Azure portal
- Sign in to the Microsoft Endpoint Manager admin center, choose Devices > Device categories.
- On the Device categories page, choose Create to add a new category.
- On the Create device category blade, enter a Name for the new category, and an optional Description.
- When you are done, select Create. You can see the new category in the list of categories.
You'll use the device category name when you create Azure Active Directory (Azure AD) security groups in step 2.
Step 2: Create Azure Active Directory security groups
In this step, you'll create dynamic groups in the Azure portal, based on the device category and device category name.
To continue, refer to Using attributes to create advanced rules in the Azure AD documentation.
Use the information in this section to create a device group with an advanced rule, by using the deviceCategory attribute. For example: device.deviceCategory -eq "the device category name you got from the Azure portal".
After you configure device groups, and users enroll their device, they are presented with a list of the categories you configured. After they choose a category and finish enrollment, their device is added to the Active Directory security group that corresponds with the category they chose.
View the categories of devices that you manage
Sign in to the Microsoft Endpoint Manager admin center, choose Devices > All devices.
In the list of devices, examine the Device category column.
If the Device category column isn't shown, select Columns > Category > Apply.
Change the category of a device
- Sign in to the Microsoft Endpoint Manager admin center, choose Devices > All devices > choose the device you want > Properties.
- On the next blade, you can change the Device category of the selected device to any of the category names you previously configured.
After you configure device groups
When users of iOS/iPadOS and Android devices enroll their device, they must choose a category from the list of categories you configured. After they choose a category and finish enrollment, their device is added to the Intune device group, or the Active Directory security group that corresponds with the category they chose.
Windows users should use the Company Portal website to select a category.
Regardless of platform, your users can always go to portal.manage.microsoft.com after enrolling the device. Have the user access the Company Portal website, and go to My Devices. The user can choose an enrolled device listed on the page, and then select a category.
After choosing a category, the device is automatically added to the corresponding group you created. If a device is already enrolled before you configure categories, the user sees a notification about the device on the Company Portal website. This lets the user know to select a category the next time they access the Company Portal app on iOS/iPadOS or Android.
You can edit a device category in the Azure portal, but you must manually update any Azure AD security groups that reference this category.
If you delete a category, devices assigned to it display the category name Unassigned.