Filtering in Microsoft Intune is a way to narrow down the assignment scope of a policy based on certain rules. When you create a policy, you can use filters to specify which devices or users the policy applies to. This can be based on various properties such as device type, operating system, user group, etc. This allows for more precise control and management of devices and users within an organization. It’s a powerful tool for administrators to apply the right policies to the right set of users or devices.

Why use filtering

Using filtering in Microsoft Intune is beneficial for several reasons. It gives administrators granular control over policy assignments, allowing them to target specific devices or users based on various properties. This precision ensures that policies are applied only where necessary, reducing the risk of misconfiguration or unnecessary restrictions. For instance, an organization might have different policies for devices or operating systems. With filtering, the administrator can ensure each device gets the appropriate policies based on its characteristics.

Moreover, filtering can also be used to target specific user groups. For example, an organization might want to apply stricter policies to a group of users handling sensitive data. With Intune’s filtering feature, this can be easily achieved.

Create Filtering.

To create a filter and make our way around Intune, we need to go to the Intune portal, and from there Devices | Filters and

filter

Create a filter for Intune to use

Let’s say we have set Windows 365 and are using all the normal settings policies we normally use on the user’s device. In these policy sets, we have created a policy to BitLocker the device’s hard drive. If this gets targeted to a Windows 365 Cloudpc, it will fail. This is because Microsoft already encrypted a Cloudpc on the backend.

We want to create a filter to exclude Cloudpc from getting this policy.

Creating a filter

Click on + Create and choose managed devices, give it a Filter name, and choose the platform we will work with, in this case, we will create a filter for Windows 10 and later.

On the forehand, we need to check where we can create a syntax. So after checking a CloudPC, we have seen some things we can filter on manufacturer, device model, and operatingSystemSKU

So, if we add expressions, choose a property, operator, and value. It will look like the picture below

In the Rule syntax, we can create more advanced scenarios and will always show how it will look after creating rules

Now comes an important part because we can preview the filter rules created; here, we can see if the devices we wanted to be filtered are in this ruleset and not the wrong ones.

Click on Preview

Here we can see which devices will be filtered in the rule we created

We will create several more filters just to see some possibilities.

Create a filter Windows 10

Click on + Create.

Fill in:

  • Filter name, give it a name in you’re naming convention
  • Description, give a good description so you know what it does
  • Platform set it to Windows 10 and later

Click Next

Now we have to create a rule set.

If we look at Windows 10 at the build number, it looks like 10.0.19045.4355, so we are going to create a rule set based on OS starting with 10.0.19

Fill in:

  • Property = osVersion
  • Operator = StartsWith
  • Value = 10.0.19

Click Next, Review, and click Create

Create a filter Windows 11

Click + Create.

Fill in:

  • Filter name, give it a name in you’re naming convention
  • Description, give a good description so you know what it does
  • Platform set it to Windows 10 and later

Click Next

Now we have to create a rule set.

If we look at Windows 11 at the build number, it looks like 10.0.22631.3527, so we are going to create a rule set based on OS starting with 10.0.22

Fill in:

  • Property = osVersion
  • Operator = StartsWith
  • Value = 10.0.22

Click Next, Review, and click Create

Using filtering in Intune policies

Once we have created our filter, we can apply it to our policies. For example, if we have different policies for devices or operating systems, we can use filtering to ensure each device gets the appropriate policies based on its characteristics. Similarly, we can use filtering to target specific user groups, such as those handling sensitive data, and apply stricter policies to them.

To apply a filter like a settings catalog policy, we need to go to the policy in our case. We are going to exclude the BitLocker policy being targeted on Windows 365 CloudPCs therefore, we need to the policy and edit the assignment by clicking on Edit

Here, we click on Edit filter and see three options: do not apply, include, or exclude devices in the assignment. In our case, we want to exclude the created device filter, so click on Exclude

Click on the created device filter

Click on Select and click on Review + save

In the assignment, it will look like

Conclusion

In summary, filtering in Intune enhances the efficiency and effectiveness of device and user management within an organization. It ensures the right policies are applied to the right users or devices, improving security and operational efficiency.

One thought on “Filtering you’re way around Intune”

Comments are closed.