Filtering in Microsoft Intune is a way to narrow down the assignment scope of a policy based on certain rules. When you create a policy, you can use filters to specify which devices or users the policy applies to. This can be based on various properties such as device type, operating system, user group, etc. This allows for more precise control and management of devices and users within an organization. It’s a powerful tool for administrators to apply the right policies to the right set of users or devices.

Why use filtering

Using filtering in Microsoft Intune is beneficial for several reasons. It gives administrators granular control over policy assignments, allowing them to target specific devices or users based on various properties. This precision ensures that policies are applied only where necessary, reducing the risk of misconfiguration or unnecessary restrictions. For instance, an organization might have different policies for devices or operating systems. With filtering, the administrator can ensure each device gets the appropriate policies based on its characteristics.

Moreover, filtering can also be used to target specific user groups. For example, an organization might want to apply stricter policies to a group of users handling sensitive data. With Intune’s filtering feature, this can be easily achieved.

Create filtering

To create a filter and make our way around Intune, we need to go to the Intune portal, and from there Devices | Filters and


Create a filter for Intune to use

Let’s say we have set up Windows 365 and are using all the settings policies we normally use on the user’s device. In these policy sets, we have created a policy to BitLocker the device’s hard drive. If this gets targeted to a Windows 365 Cloud PC, it will fail. This is because Microsoft already encrypts a Cloud PC on the backend.

We want to create a filter to exclude Cloud PCs from getting this policy.

Creating a filter

Click on + Create and choose Managed devices. Give it a Filter name and choose the platform we will work with; in this case, we will create a filter for Windows 10 and later.

Beforehand, we need to check which properties we can build the rule syntax on. After checking a Cloud PC, we have seen that we can filter on the manufacturer, device model, and operatingSystemSKU.

To add an expression, we choose a property, an operator, and a value.

In the Rule syntax box, we can create more advanced scenarios; it always shows how the rule looks after the expressions are created.

Now comes an important part: we can preview the filter rules we created. Here we can see whether the devices we wanted to filter are matched by this rule set, and not the wrong ones.

Click on Preview

Here we can see which devices are matched by the rule we created.

We will create several more filters just to see some possibilities.

Create a filter for Windows 10

Click on + Create.

Fill in:

  • Filter name: give it a name in your naming convention
  • Description: give a good description so you know what it does
  • Platform: set it to Windows 10 and later

Click Next

Now we have to create a rule set.

If we look at the Windows 10 build number, it looks like 10.0.19045.4355, so we are going to create a rule set based on the OS version starting with 10.0.19.

Fill in:

  • Property = osVersion
  • Operator = StartsWith
  • Value = 10.0.19

Click Next, Review, and click Create

Create a filter for Windows 11

Click + Create.

Fill in:

  • Filter name: give it a name in your naming convention
  • Description: give a good description so you know what it does
  • Platform: set it to Windows 10 and later

Click Next

Now we have to create a rule set.

If we look at the Windows 11 build number, it looks like 10.0.22631.3527, so we are going to create a rule set based on the OS version starting with 10.0.22.

Fill in:

  • Property = osVersion
  • Operator = StartsWith
  • Value = 10.0.22

Click Next, Review, and click Create

Using filtering in Intune policies

Once we have created our filter, we can apply it to our policies. For example, if we have different policies for devices or operating systems, we can use filtering to ensure each device gets the appropriate policies based on its characteristics. Similarly, we can use filtering to target specific user groups, such as those handling sensitive data, and apply stricter policies to them.

To apply a filter to a policy, such as a settings catalog policy, we need to go to the policy. In our case, we are going to exclude the BitLocker policy from being targeted at Windows 365 Cloud PCs; therefore, we need to open the policy and edit the assignment by clicking on Edit.

Here, we click on Edit filter and see three options: do not apply a filter, include filtered devices in the assignment, or exclude filtered devices from the assignment. In our case, we want to exclude the devices in the created device filter, so click on Exclude.

Click on the created device filter

Click on Select and click on Review + save
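
The rule sets and the include/exclude choice described above can be checked offline before anything is assigned. The following is an added example, not code from the original post or from Microsoft: a small Python evaluator for a flat subset of the rule syntax, run over a constructed inventory. The Cloud PC rule value, the device names and the models are assumptions.

```python
import re

# One clause of filter rule syntax: (device.<property> -<operator> "<value>")
CLAUSE = re.compile(r'\(\s*device\.(\w+)\s+-(\w+)\s+"([^"]*)"\s*\)')
OPS = {
    "eq": lambda have, want: have == want,
    "ne": lambda have, want: have != want,
    "startswith": lambda have, want: have.startswith(want),
    "contains": lambda have, want: want in have,
}

def _clause(text, device):
    m = CLAUSE.fullmatch(text.strip())
    if not m or m.group(2).lower() not in OPS:
        raise ValueError(f"unsupported clause: {text!r}")
    prop, op, want = m.groups()
    # Case-insensitive comparison is an assumption of this sketch.
    return OPS[op.lower()](str(device.get(prop, "")).lower(), want.lower())

def matches(rule, device):
    """Flat rules only: clauses joined by and/or, with 'and' binding tighter."""
    return any(all(_clause(c, device) for c in re.split(r"\s+and\s+", group, flags=re.I))
               for group in re.split(r"\s+or\s+", rule, flags=re.I))

def preview(rule, inventory):
    """Names of the devices the rule selects, like the Preview step."""
    return [d["deviceName"] for d in inventory if matches(rule, d)]

def receives_policy(device, rule, mode):
    """Filter mode on an assignment whose group already contains the device."""
    hit = matches(rule, device)
    return hit if mode == "include" else not hit

def uncovered(inventory, rules):
    """Devices that none of the rules selects."""
    return [d["deviceName"] for d in inventory if not any(matches(r, d) for r in rules)]

WIN10 = '(device.osVersion -startsWith "10.0.19")'   # rule set from the page
WIN11 = '(device.osVersion -startsWith "10.0.22")'   # rule set from the page
CLOUD_PC = '(device.model -startsWith "Cloud PC")'   # assumed value, not from the page

# Constructed inventory: names, models and the 10.0.26100 build are sample values.
INVENTORY = [
    {"deviceName": "LAPTOP-W10", "model": "Example Book 14", "osVersion": "10.0.19045.4355"},
    {"deviceName": "LAPTOP-W11", "model": "Example Book 14", "osVersion": "10.0.22631.3527"},
    {"deviceName": "CPC-USER-01", "model": "Cloud PC Enterprise 2vCPU/8GB/128GB", "osVersion": "10.0.22631.3527"},
    {"deviceName": "LAPTOP-24H2", "model": "Example Book 16", "osVersion": "10.0.26100.1742"},
]

if __name__ == "__main__":
    print("Windows 11 filter preview:", preview(WIN11, INVENTORY))
    print("BitLocker, Cloud PC filter excluded:",
          [d["deviceName"] for d in INVENTORY if receives_policy(d, CLOUD_PC, "exclude")])
    print("Matched by neither OS filter:", uncovered(INVENTORY, [WIN10, WIN11]))
```

LAPTOP-24H2 is reported as uncovered because Windows 11 24H2 reports build 10.0.26100, which neither StartsWith value selects; a policy assigned only through these two filters in include mode would skip that device without any error.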

In the assignment, it will look like

Conclusion

In summary, filtering in Intune enhances the efficiency and effectiveness of device and user management within an organization. It ensures the right policies are applied to the right users or devices, improving security and operational efficiency.
