How to create a Dynamic Device Group in AzureAD for Personal and Corporate devices – Cloud First
When we are using Intune in the new Azureportal (Ibiza) then we what to take advanced of dynamic device groups.
In many cases we what to make Device Configuration and deploy to either to personal or corporate devices, the easy way is to create 2 dynamic devices groups.
One for personal devices:
Powershell:
New-AzureADMSGroup -Description “All Personal Devices” -DisplayName “All Personal Devices” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOwnership -eq “Personal”)” -MembershipRuleProcessingState “On”
One for Company devices:
Powershell:
New-AzureADMSGroup -Description “All Company Devices” -DisplayName “All Company Devices” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOwnership -eq “Company”)” -MembershipRuleProcessingState “On”
As a request I have updated this post to also include combined Dynamic groups for Personal or Corporate device groups – the following examples are combined with OS type.
All Personal Ipad devices
New-AzureADMSGroup -Description “All Personal Ipad Devices” -DisplayName “All Personal Ipad Devices” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSType -eq “Ipad“) -And (device.deviceOwnership -eq “Personal”)” -MembershipRuleProcessingState “On”
All Personal Android devices
New-AzureADMSGroup -Description “All Personal Android Devices” -DisplayName “All Personal Android Devices” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSType -eq “Android”) -And (device.deviceOwnership -eq “Personal”)” -MembershipRuleProcessingState “On”
All Corporate Ipad devices
New-AzureADMSGroup -Description “All Company Ipad Devices” -DisplayName “All Company Ipad Devices” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSType -eq “Ipad”) -And (device.deviceOwnership -eq “Company”)” -MembershipRuleProcessingState “On”
All Corporate Ipone devices
New-AzureADMSGroup -Description “All Company Iphone Devices” -DisplayName “All Company Iphone Devices” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSType -eq “Iphone”) -And (device.deviceOwnership -eq “Company”)” -MembershipRuleProcessingState “On”
All Corporate Android devices
New-AzureADMSGroup -Description “All Company Android Devices” -DisplayName “All Company Android Devices” -MailEnabled $false -SecurityEnabled $true -MailNickname “Win” -GroupTypes “DynamicMembership” -MembershipRule “(device.deviceOSType -eq “Android”) -And (device.deviceOwnership -eq “Company”)” -MembershipRuleProcessingState “On”
![Windows-Hello-For-Business-Active-Directory[1]](https://maciejrebisz.com/wp-content/uploads/2025/08/Windows-Hello-For-Business-Active-Directory1-1024x576-65x65.png "Windows-Hello-For-Business-Active-Directory[1]")
![B-Intune-Graphic[1]](https://maciejrebisz.com/wp-content/uploads/2025/08/B-Intune-Graphic1-1024x603-65x65.png "B-Intune-Graphic[1]")
![wp-1593849019379[1]](https://maciejrebisz.com/wp-content/uploads/2025/08/wp-15938490193791-65x65.jpg "wp-1593849019379[1]")