Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, March 21, 2019 7:37 PM
I've been working on Android Enterprise and need to apply a device configuration profile to it. The one for Corporate-owned dedicated devices was easy since I created the profile for enrollment. I could simply create a group and use the property enrollmentProfileName matching the name of the profile I created. However, when I want to create either of the other two types (Personal Devices with work profile, or Corporate-owned, fully manged) it gets a lot harder because they don't have enrollment profiles created for them.
So I looked a bit more and the Devices view has the OS field that shows "Android (Fully Manged)", cool I can use that. Nope, that apparently is not one of the fields that can be used to create a dynamic group.
Next thought I'll go up to the data warehouse and poke around in the data and see if I can find the enrollmentProfileName. If its in the database, I can't find it. I can't even find the name that I do know.
There are other ways I could probably create this group, but they are all rather clumsy. What's most irritating is there doesn't appear to be any view in any of the consoles that shows the values that can be used in the Groups dynamic queries.
Is there some way to get this information to actually build queries.
Bob
All replies (4)
Friday, March 22, 2019 6:07 AM
Hello Bob,
I think you can create the device Categories based on the enrollment method, and put the devices in the corresponding categories manually. Then, you can map the Categories to the device groups by creating the rule based on the deviceCategory.
For example: device.deviceCategory -eq "the device category name you got from the Azure portal".
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, March 22, 2019 2:07 PM
Thanks for the idea.
If categories could be assigned to the enrollment types that would work, unfortunately they can't. Manual operations are something I'm trying to avoid, the entire point is for this to be an automatic operation. A simpler way to do this manually would be to put the device in a group and be done.
I suspect there may be a value I can use, but the big problem is I can't see the values for devices in Intune or AAD that can be used for dynamic groups. What we need is a view of a device that lets us explore everything that is in the system. As I said, I tried to do that using the data warehouse and couldn't find what I needed. I suspect because the data is in AAD, not Intune. I'm still looking for an AAD data warehouse but no luck so far.
I really wish the Intune and AAD people would go talk to the SCCM people about how to create dynamic collections | groups. The SMS/SCCM has been doing this stuff much better for decades.
Bob
Thursday, March 28, 2019 1:10 PM
Hey Bob,
Just curious if you managed to get any further with this? I am experiencing the same issue as you and find it rather frustrating!
If we could create the rule from Android (Fully Manged) it would work brilliantly. Sadly not though.
Friday, March 29, 2019 1:14 AM
I haven't found an answer yet. I got pulled away from it before I got to try out one more idea. Its possible to query AAD with PowerShell scripts. What might be possible is to try and find out what the enrollment name is that's assigned. If we can figure that out we could create a dynamic group that could populate and solve the problem.
Bob