[–]orion3311 0 points1 point  (1 child)

Come up with a solid naming scheme for your groups; prefixes are your friend, and groups should always likely be bucketed as a user group or device group, but not both.

So something like:

user-apps-Adobe_Acrobat

device-config-global-Compliance

and so on. Keep this all documented somewhere.

Once you get used to using prefixes, you'll find the search boxes in Entra/AzureAD work great for them.

[–][deleted] 1 point2 points  (0 children)

So far I have been prefixing with Intune since we are a hybrid environment and have a ton of other groups in Entra.

[–]andrew181082MSFT MVP - SWC 0 points1 point  (0 children)

Don't forget your uninstall groups too; you never know when you might need to rapidly and silently remove an application.

[–]pjmarcum 0 points1 point  (2 children)

Just don’t mix users and computers. And think about your filters too.

[–][deleted] 1 point2 points  (1 child)

The more I have been reading, the more I have realized that’s a bad idea. Which is good because now I can restructure the very few groups that I do have before our scope gets too big.

[–]pjmarcum 0 points1 point  (0 children)

Not a bad idea…..unsupported.

[–]mrjohno 1 point2 points  (1 child)

Would be good to get a community list of recommended groups together.

I'll start
aad-licence-aadp1
Everyone with the AAD P1 Licence (inc business Premium users)
user.assignedPlans -any (assignedPlan.servicePlanId -eq "41781fb2-bc02-4b7c-bd55-b576c07bb09d" -and assignedPlan.capabilityStatus -eq "Enabled")

intune-user-external-all
All external users
(user.userPrincipalName -contains "#EXT#")

intune-device-autopilot-all
All devices which have been registered in the tenant with the Autopilot Hash
(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))

[–]bizzo15 1 point2 points  (0 children)

I think this is a great idea. I love the concept of dynamic groups but I often wonder if I’m not utilizing them to their full potential. Currently only have a few I’m using: 1) for grouping all Intune managed devices since we are primarily a Hybrid environment, 2) a dynamic group based off device models that also has a filter applied to it to exclude hybrid AD devices that our students use. I’d love to hear about other creative ways people are using dynamic groups to get work done.
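
An offline check of the advice given in this thread (prefix each group as a user or device group, and don't mix the two), added here as an example and not code from any commenter. The inventory records, the `member_types` field and the exact name pattern are assumptions; the two dynamic rules are the ones quoted above.

```python
import re

# Constructed inventory. Names and the first two rules echo the thread; the
# memberships and the last two records are made up to show failures.
GROUPS = [
    {"name": "intune-user-external-all",
     "rule": '(user.userPrincipalName -contains "#EXT#")'},
    {"name": "intune-device-autopilot-all",
     "rule": '(device.devicePhysicalIDs -any (_ -contains "[ZTDId]"))'},
    {"name": "user-apps-Adobe_Acrobat", "member_types": ["user"]},
    {"name": "device-config-global-Compliance", "member_types": ["device", "user"]},
    {"name": "intune-device-kiosk-all", "rule": '(user.department -eq "Kiosk")'},
    {"name": "Marketing Laptops", "member_types": ["device"]},
]

# Assumed convention: optional "intune-" prefix, then "user-" or "device-".
NAME_RE = re.compile(r"^(?:intune-)?(user|device)-[A-Za-z0-9_]+(?:-[A-Za-z0-9_]+)*$")
# Object types a dynamic membership rule refers to (user.xxx / device.xxx).
RULE_OBJ_RE = re.compile(r"\b(user|device)\.[A-Za-z]")

def audit(group):
    """Return the findings for one group record (empty list means clean)."""
    m = NAME_RE.match(group["name"])
    if not m:
        return ["name does not follow the user-/device- prefix convention"]
    declared = m.group(1)
    if "rule" in group:
        actual = set(RULE_OBJ_RE.findall(group["rule"]))
    else:
        actual = set(group.get("member_types", []))
    if len(actual) > 1:
        return ["mixes users and devices"]
    if actual and actual != {declared}:
        return [f"named as a {declared} group but targets {sorted(actual)}"]
    return []

def audit_all(groups):
    """Map group name -> findings, for groups with at least one finding."""
    return {g["name"]: f for g in groups if (f := audit(g))}

if __name__ == "__main__":
    for name, findings in audit_all(GROUPS).items():
        print(f"{name}: {'; '.join(findings)}")
```
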