To use filtering we have to enable preview features, therefore Microsoft created a new statement about Preview features. It is now fully supported and can be used in a production environment.


  • Public preview features for Microsoft Endpoint Manager are fully supported by Microsoft. For more information, see Public preview in Microsoft Intune.
  • To enable or disable filters for your tenant, your account must have have the Intune Service Administrator (also known as Intune Administrator) permission .
  • You can disable the Filters (preview) feature by setting it back to Off. To turn off this feature, you must remove any filter assignments, and then delete all the filters you created.

At Ignite 2021 in several sessions Microsoft states its good to go with filtering. Dynamic Device groups isn’t getting large updates to queries by the AAD Team, for mem/Intune go with filtering.

Enable Preview feature Filtering.

Log on to Endpoint manager link

Go to Tenant administration, Filters (preview)

Click on Try out the filters (preview) feature!

Set the slider to On

Get access to advanced app and policy targeting in Intune with filters. Now you can assign an app or policy to a user or device group, while filtering specific devices in and out of the assignment. Filters can be configured to either include or exclude devices from the assignment, so you don’t have to spend time selecting those devices in Intune or waiting for dynamic device group membership to be calculated.

Click on Apply

Review if it is Enabled

Now we enabled it we can use it Endpoint Manger to set and filter profiles to devices and/or user settings.


It can take a while before endpoint manager updates so the filtering option is working.

Create a filter for Endpoint Manager to use

We are going to create a filter for Windows 11 to use within Configuration profiles, because of the introduction of Windows 11 we are going to see a hardware diversity which are going to need sometimes the same type of configuration but with another setting or outcome. A good case to see this is the custom Start Layout , this layout in Windows 11 is a JSON file set with a Custom OMA URI (see link how to), but is going to fail on Windows 10 devices.

Create a filter

Click on Create.

Fill in:

  • Filter name, give it a name in you’re naming convention
  • Description, give a good description so you know what is does
  • Platform , set it to Windows 10 and later

Click Next

Now we have to create a rule set.

If we have look at Windows 11 a look at the build number it looks like 10.0.22000.258 and 10.0.22483 (latest insider build) so we are going to create a rule set based on OS starting with 10.0.22

Fill in:

  • Property = osVersion
  • Operator = StartsWith
  • Value = 10.0.22

Click Next , Review and click Create

Using filtering in Intune policies

Now we can use filtering in Intune Policies to have a look how this is going to work go to endpoint manager link

Now have a look at a device configuration policy in my case I’ll have a look at my custom policy for the Start layout Windows 11 which I don’t want to force to Windows 10 devices. At the assignment page there is now the possibility to edit filter.

Click on Edit filter

You will see the next screen

Now we want to include the filtered devices, so click on Include filtered devices in assignment

Click on the created filter

Click on review and save.