When creating configuration or compliance policies in Microsoft 365, its important to make sure you’re only targeting the devices or users you want to target. To do this you can use the Microsoft365 “Dynamic device/user” feature when creating groups in “Azure Active Directory”
Start by going to the “https://aad.portal.azure.com/” and open the groups section in Active Directory.
After selecting “Groups” click the “+ New group” in the top bar. Give your group a name and select til following settings.
In the bottom section of the “New Group” page, select “Edit dynamic query” and set up the rules as the following. The value of “Macbook air/pro” could be change to match your setup, but I have chosen to target all types of Macbooks in our environment.
You can use the following rule syntax for your rule and customize it for your needs.
(device.deviceOSType -contains "macOS") or (device.deviceOSType -contains "OS X") or (device.deviceModel -contains "MacBook Air") or (device.deviceModel -contains "MacBook Pro")
Click “save” and then “Create”.
You should now start to see your devices show up under group membership. (This could take up to 30 minutes, be patient)
If you have any questions / feedback or would like to correct me on any of the stuff above.
Please use the comment section or contact me directly using the blue button in the bottom right corner.