Intune AutoPilot user group based on new autopilot device

Question

Intune AutoPilot user group based on new autopilot device

Sanjeev Kumar 20

Automatic User Group Assignment in Intune for Autopilot Deployments

The deployment of 3,000 Windows devices in Intune has been completed, with Office apps assigned to device groups. However, there are occasional failures occurring at the Enrollment Status Page (ESP). The current plan is to deploy Office apps to user groups instead and to skip the ESP's "Account Setup" stage.

Is there a way to automatically add users to a new group if they initiate a new Autopilot deployment?

2 answers

Your answer

Answer 1

Rahul Jindal 11,606

I would start by addressing the failures during the Autopilot provisioning process first. Skipping ESP is not the solution for failures. As for the question around office assignment is concerned, you cannot create a group the way you want dynamically using native functionality in Entra. Although I don’t really understand the approach here. If you want office to install after a user logs in then just assign to a user based group. If you are concerned about devices other than autopilot provisioned receiving the policy then just use a device filter and scope the to autopilot enrolled profile assigned devices.

Sanjeev Kumar 20 Reputation points

2024-12-28T05:00:16.2566667+00:00

Hi Rahul, trick you shared I tested this by creating 1 user group and add the include filter by enrollment profile name (use the different enrollment profile name) but when I sync the device app was automatically installed. As per settings configured this should not be installed because enrollment profile name is different. Note:- this test is conducted on already enrolled devices.
Sanjeev Kumar 20 Reputation points

2024-12-28T05:02:34.46+00:00

Hi Rahul, trick you shared I tested this by creating 1 user group and add the include filter by enrollment profile name (use the different enrollment profile name) but when I sync the device app was automatically installed. As per settings configured this should not be installed because enrollment profile name is different. Note:- this test is conducted on already enrolled devices.
Crystal-MSFT 54,216 Reputation points Microsoft External Staff

2024-12-30T01:29:13.7866667+00:00

You can use filter report to troubleshoot to see if there's any finding.

https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters-reports-troubleshoot

Answer 2

@Sanjeev Kumar, Thanks for posting in Q&A. Based on checking the rule property, I find there's no attribute to create user group who initiate an Autopilot enrollment.

https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership

Agree with Rahul Jindal [MVP], you can use Intune filter to do it. You can create a filter with enrollmentProfileName set as the Autopilot enrollment profile. When deploy office to user group add this filter to only apply to these devices.

https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters-device-properties

Hope the above information can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Crystal-MSFT 54,216 Reputation points Microsoft External Staff

2024-11-14T02:31:14.35+00:00

@Sanjeev Kumar, Hope the above information can help. If there's anything else we can help, feel free to let us know.

Share via

Intune AutoPilot user group based on new autopilot device

2 answers

Your answer