How To Configure “Dynamic Device” Group For MacBooks In AzureAD.

When creating configuration or compliance policies in Microsoft 365, its important to make sure you’re only targeting the devices or users you want to target. To do this you can use the Microsoft365 “Dynamic device/user” feature when creating groups in “Azure Active Directory”

Start by going to the “” and open the groups section in Active Directory.

Choose “Groups” in the left panel.

After selecting “Groups” click the “+ New group” in the top bar. Give your group a name and select til following settings.

Group Type: Security
Membership type: Dynamic device

In the bottom section of the “New Group” page, select “Edit dynamic query” and set up the rules as the following. The value of “Macbook air/pro” could be change to match your setup, but I have chosen to target all types of Macbooks in our environment.

You can use the following rule syntax for your rule and customize it for your needs.

Click “save” and then “Create”.
You should now start to see your devices show up under group membership. (This could take up to 30 minutes, be patient)

If you have any questions / feedback or would like to correct me on any of the stuff above.
Please use the comment section or contact me directly using the blue button in the bottom right corner.

1 thought on “How To Configure “Dynamic Device” Group For MacBooks In AzureAD.”

Leave a Comment