{"id":4348,"date":"2022-09-27T08:01:13","date_gmt":"2022-09-27T15:01:13","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4348"},"modified":"2022-09-27T08:43:15","modified_gmt":"2022-09-27T15:43:15","slug":"how-to-create-aad-dynamic-groups-for-hybrid-azure-ad-joined-devices","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4348","title":{"rendered":"How to Create AAD Dynamic Groups for Hybrid Azure AD Joined Devices"},"content":{"rendered":"\n<p>Let\u2019s create Azure AD dynamic groups for Hybrid Azure AD joined devices. You can now use&nbsp;<strong>deviceTrustType<\/strong>&nbsp;to create Hybrid Azure AD joined dynamic device groups. This helps separate Azure AD joined devices from Hybrid Azure AD joined devices.<\/p>\n\n\n\n<p>You can create the AAD dynamic device group using the domain join type. Follow the steps below to create a Hybrid Azure AD joined device group.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Log in to&nbsp;<strong>AAD.Portal.Azure.com<\/strong>.<\/li><li>Navigate to the&nbsp;<strong>Azure Active Directory<\/strong>&nbsp;-&gt;&nbsp;<strong>Groups<\/strong>&nbsp;node -&gt; Click on the&nbsp;<strong>New Group<\/strong>&nbsp;button.<\/li><li><strong>Group Type<\/strong>&nbsp;-&gt; Security<\/li><li><strong>Group Name<\/strong>&nbsp;-&gt; HTMD Hybrid AAD Device Group<\/li><li><strong>Group Description<\/strong>&nbsp;-&gt; To add all Hybrid AAD joined Windows devices<\/li><li><strong>Membership Type<\/strong>&nbsp;-&gt; Dynamic Device<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-2.webp\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 2\" class=\"wp-image-81599\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 2\"\/><figcaption>Create AAD Dynamic Groups based on Domain Join Type 
Hybrid Azure AD and Azure AD 2<\/figcaption><\/figure>\n\n\n\n<p>Click on the&nbsp;Dynamic device members -&gt;<strong>&nbsp;Add dynamic query<\/strong>&nbsp;link as shown in the screenshot below. You now need to build a query that adds members to the dynamic group for Hybrid Azure AD devices.<\/p>\n\n\n\n<p><strong>NOTE<\/strong>! \u2013 You need to select the&nbsp;<strong>membership type<\/strong>&nbsp;as&nbsp;<strong>Dynamic Device<\/strong>&nbsp;or&nbsp;<strong>User&nbsp;<\/strong>for the Add dynamic query link to appear in this blade.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-3.webp\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 3\" class=\"wp-image-81602\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 3\"\/><figcaption>Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 3<\/figcaption><\/figure>\n\n\n\n<p>There are two options to build the Azure AD dynamic group query. 
You can use the&nbsp;<strong>rule builder<\/strong>&nbsp;or<strong>&nbsp;rule syntax text box<\/strong>&nbsp;to create or edit an AAD device group dynamic membership rule.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Rule Builder<\/strong>&nbsp;-&gt; Graphical interface \u2013 Easy to create the dynamic query.<\/li><li><strong>Rule Syntax<\/strong>&nbsp;-&gt; For advanced technical users writing complex queries.<\/li><\/ul>\n\n\n\n<p>Follow the steps below to use the Azure AD dynamic group&nbsp;<strong>Rule Builder<\/strong>&nbsp;to create dynamic query rules for Hybrid Azure AD joined devices.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Under&nbsp;<strong>Configure Rules -&gt; Choose Property<\/strong>&nbsp;drop-down list.<\/li><li>Select&nbsp;<strong>deviceTrustType<\/strong>&nbsp;as the property from the drop-down list.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-4.webp\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 4\" class=\"wp-image-81623\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 4\"\/><figcaption>Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 4<\/figcaption><\/figure>\n\n\n\n<p>It\u2019s time to choose an&nbsp;<strong>operator&nbsp;<\/strong>now for the deviceTrustType property. 
I have selected&nbsp;<strong>Equals&nbsp;<\/strong>from the operator drop-down menu.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-5-1024x345.webp\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 5\" class=\"wp-image-81625\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 5\"\/><figcaption>Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 5<\/figcaption><\/figure>\n\n\n\n<p>Let\u2019s look at the&nbsp;<strong>value&nbsp;<\/strong>of the property&nbsp;<strong>deviceTrustType<\/strong>&nbsp;that you want to look for in the Hybrid Azure AD Joined scenario. The&nbsp;<strong>value&nbsp;<\/strong>that you want to look for is&nbsp;<strong>ServerAD<\/strong>&nbsp;for Hybrid AAD joined devices.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-6-1024x190.webp\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 6\" class=\"wp-image-81629\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 6\"\/><figcaption>Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 6<\/figcaption><\/figure>\n\n\n\n<p>You can click on the&nbsp;<strong>Validate Rules<\/strong>&nbsp;tab to validate the dynamic query just created. 
Follow the steps to validate the query with Azure AD joined and Hybrid Azure AD joined devices.<\/p>\n\n\n\n<p><strong>Dynamic Query<\/strong>&nbsp;for Hybrid AAD joined devices =&nbsp;<strong>(device.deviceTrustType -eq &quot;ServerAD&quot;)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Click on the&nbsp;<strong>Validate Rules&nbsp;<\/strong>tab once the query rule is built as per the above steps.<\/li><li>Click on the&nbsp;<strong>Add Devices<\/strong>&nbsp;link to add Azure AD joined and Hybrid Azure AD joined devices.<\/li><li>Search for AAD joined and HAAD joined devices.<\/li><li><strong>Select&nbsp;<\/strong>devices of both domain join types and click on the&nbsp;<strong>Select&nbsp;<\/strong>button.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-7.webp\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 7\" class=\"wp-image-81638\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 7\"\/><figcaption>Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 7<\/figcaption><\/figure>\n\n\n\n<p>Let\u2019s check the results of the validation rules now. I have added one Hybrid Azure AD joined device and one Azure AD joined device, so the following results are expected. 
The AAD group dynamic query that is created is accurate!<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>CPC-vidyam-2-CC<\/strong>&nbsp;-&gt;&nbsp;<strong>Not in the Hybrid Azure AD<\/strong>&nbsp;joined group because this device is&nbsp;<strong>Azure AD joined<\/strong>.<\/li><li><strong>CPC-anoopb-L-DA<\/strong>&nbsp;-&gt; In the&nbsp;<strong>Hybrid Azure AD<\/strong>&nbsp;joined group because this device is&nbsp;<strong>Hybrid Azure AD joined<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-8.webp\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 8\" class=\"wp-image-81640\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 8\"\/><figcaption>Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 8<\/figcaption><\/figure>\n\n\n\n<p>You need to click the&nbsp;<strong>Save&nbsp;<\/strong>and the&nbsp;<strong>Create<\/strong>&nbsp;buttons to&nbsp;<strong>complete&nbsp;<\/strong>the Hybrid Azure AD dynamic device group creation process.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.anoopcnair.com\/wp-content\/uploads\/2022\/06\/Create-AAD-Dynamic-Groups-based-on-Domain-Join-Type-Hybrid-Azure-AD-and-Azure-AD-9-1024x453.jpg\" alt=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 9\" class=\"wp-image-81646\" title=\"Create AAD Dynamic Groups based on Domain Join Type Hybrid Azure AD and Azure AD 9\"\/><figcaption>Ref: <a href=\"https:\/\/www.anoopcnair.com\/aad-dynamic-groups-hybrid-aad-join-aad-join\/\">Create AAD Dynamic Groups Based On Domain Join Type Hybrid Azure AD And Azure AD HTMD Blog (anoopcnair.com)<\/a><\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s create Azure 
AD dynamic groups for Hybrid Azure AD joined devices. You can now use&nbsp;DeviceTrustType&nbsp;to create Hybrid Azure AD joined dynamic device groups. This is helpful to segregate AAD joined, and Hybrid AD joined devices. You can create the AAD dynamic device group using the domain join type. Follow the steps to create this <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=4348\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1185,1249,10],"tags":[1317],"class_list":["post-4348","post","type-post","status-publish","format-standard","hentry","category-autopilot-intune","category-azure-microsoft","category-microsoft","tag-create-aad-dynamic-groups-for-hybrid-azure-ad-joined-devices"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4348"}],"version-history":[{"count":2,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4348\/revisions"}],"predecessor-version":[{"id":4352,"href":"https:\/\/S
UMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4348\/revisions\/4352"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}