(54) Create Azure AD Dynamic Device Group using MDM Type
- Mr B SOE way
- Apr 21, 2023
- 1 min read
As part of a current project, there are devices that are Azure AD Joined and devices that are Hybrid Azure AD Joined (using our good old friend MECM, aka SCCM). As the customer has only partially decommissioned the MECM site server, half of the fleet is still co-managed.
1. Navigate to https://portal.azure.com then select Devices then All Devices
2. Open two tabs for All Devices, then filter by:
First tab: MDM = Microsoft Intune, OS starts with Windows.
Copy the "Object ID"

Second tab: MDM = Microsoft Configuration Manager, OS starts with Windows
Copy the "Object ID"

3. Navigate to https://aka.ms/ge [Microsoft Graph Explorer] and, to look up the device by its ID, run the following query:
https://graph.microsoft.com/v1.0/devices/[ObjectID]
Replace [ObjectID] with the object ID from your device.
For MDM = Microsoft Intune, the query is:
https://graph.microsoft.com/v1.0/devices/001c87d5-3f57-4f20-8fcb-399b55b9db5c
where mdmAppId is 0000000a-0000-0000-c000-000000000000

For MDM = Microsoft Configuration Manager, the query is:
where mdmAppId is 54b943f8-d761-4f8d-951e-9cea1846db5a

4. Create the AAD Dynamic Group using the MDM type. Navigate to https://endpoint.microsoft.com, create a new group with Dynamic membership rules, and use the following rule:

(device.deviceManagementAppId -contains "54b94")
With the end result:
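The same procedure scripted end to end with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original post: it counts Windows devices per mdmAppId (replacing the two portal tabs in step 2) and then creates the dynamic group from step 4. It assumes the Microsoft.Graph module is installed and the signed-in account can consent to Device.Read.All and Group.ReadWrite.All; the group name and mail nickname are placeholders, and the rule uses -eq on the full app ID rather than -contains on a prefix so no unrelated GUID can match.

```powershell
# Added example, not code from the original post. Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes "Device.Read.All", "Group.ReadWrite.All"

# MDM app IDs quoted in the post, mapped to the MDM authority they identify.
$MdmName = @{
    "0000000a-0000-0000-c000-000000000000" = "Microsoft Intune"
    "54b943f8-d761-4f8d-951e-9cea1846db5a" = "Microsoft Configuration Manager"
}
$ConfigMgrAppId = "54b943f8-d761-4f8d-951e-9cea1846db5a"

# Steps 2 and 3 without the two portal tabs: pull all devices, keep the Windows ones
# client-side (mirrors the portal's "OS starts with Windows" filter), count by mdmAppId.
$windowsDevices = Get-MgDevice -All |
    Where-Object { $_.OperatingSystem -like "Windows*" }

$windowsDevices |
    Group-Object -Property MdmAppId |
    Select-Object Count, @{ Name = "MdmAppId"; Expression = { $_.Name } }, @{
        Name       = "Mdm"
        Expression = {
            if ([string]::IsNullOrEmpty($_.Name))   { "(no MDM)" }
            elseif ($MdmName.ContainsKey($_.Name))  { $MdmName[$_.Name] }
            else                                    { "unknown: $($_.Name)" }
        }
    } |
    Format-Table -AutoSize

# Step 4: dynamic membership rule keyed on the Configuration Manager MDM app ID.
# Exact match on the full GUID instead of a substring match on "54b94".
$rule = '(device.deviceManagementAppId -eq "' + $ConfigMgrAppId + '")'

# Placeholder display name and mail nickname; adjust to the tenant's naming standard.
$group = New-MgGroup -DisplayName "Windows - ConfigMgr managed (dynamic)" `
    -Description "Windows devices whose MDM authority is Microsoft Configuration Manager" `
    -MailEnabled:$false -MailNickname "win-configmgr-dynamic" -SecurityEnabled:$true `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule -MembershipRuleProcessingState "On"

# Membership is evaluated asynchronously; the rule itself is visible immediately.
$group | Select-Object Id, DisplayName, MembershipRule, MembershipRuleProcessingState
```

Swap $ConfigMgrAppId for the Intune app ID (and rename the group) to build the companion group for Intune-managed devices.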