You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To make managing devices easier, you can use Microsoft Intune device categories to automatically add devices to groups based on categories that you define.
36
+
Device categories allow you to easily manage and group devices in Microsoft Intune. Create a category, such as *sales* or *accounting*, and Intune automatically add all devices that fall within that category to the corresponding device group in Intune.
37
37
38
-
Device categories use the following workflow:
39
-
1. Create categories that users can choose from when they enroll their device.
40
-
2. When users of iOS/iPadOS and Android devices enroll a device, they must choose a category from the list of categories you configured. To assign a category to a Windows device, users must use the Company Portal website.
41
-
3. You can then deploy policies and apps to these groups.
38
+
To enable categories in your tenant, you must create a category in the Microsoft Endpoint Manager admin center and set up dynamic Azure Active Directory (Azure AD) security groups.
39
+
40
+
This article describes how to configure and edit device categories.
42
41
43
-
You can create any device categories you want. For example:
44
-
- Point-of-sale device
45
-
- Demonstration device
46
-
- Sales
47
-
- Accounting
48
-
- Manager
42
+
## Configure device categories
49
43
50
-
## How to configure device categories
44
+
You must be a Global Administrator or Intune Administrator to perform these steps.
51
45
52
-
You need to be a Global Administrator or Intune Administrator to perform these steps.
53
-
54
-
### Step 1: Create device categories in Intune
46
+
### Step 1: Create device category in Intune
55
47
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
56
-
2. Choose **Devices** > **Device categories** > **Create device category** to add a new category.
57
-
3. On the **Create device category** pane, enter a **Name** for the new category, and an optional **Description**.
58
-
4. When you are done, select **Create**. You can see the new category in the list of categories.
59
-
60
-
You'll use the device category name when you create Azure Active Directory (Azure AD) security groups in step 2.
61
-
62
-
### Step 2: Create Azure Active Directory security groups
63
-
In this step, you'll create dynamic groups in the Azure portal, based on the device category and device category name.
64
-
65
-
To continue, refer to [Using attributes to create advanced rules](/azure/active-directory/users-groups-roles/groups-dynamic-membership#using-attributes-to-create-rules-for-device-objects) in the Azure AD documentation.
66
-
67
-
Use the information in this section to create a device group with an advanced rule, by using the **deviceCategory** attribute. For example: **device.deviceCategory -eq** "*the device category name you got from the Azure portal*".
48
+
2. Choose **Devices** > **Device categories**.
49
+
3. Select **Create device category** to add a new category.
50
+
4. Enter the name of the new category, such as `HR` and an optional description.
51
+
5. Select **Next**.
52
+
6. Optionally, assign a scope tag, like `US-NC IT Team` or `JohnGlenn_ITDepartment`, to limit management of the category to specific IT groups. For more information about scope tags, see [Use RBAC and scope tags for distributed IT](../fundamentals/scope-tags.md).
53
+
7. Select **Next**.
54
+
8. Select **Create**. The new category is added to your **Device categories** list.
68
55
69
-
After you configure device groups, and users enroll their device, they are presented with a list of the categories you configured. After they choose a category and finish enrollment, their device is added to the Active Directory security group that corresponds with the category they chose.
56
+
You'll use the device category name when you create Azure Active Directory (Azure AD) security groups in the next step.
70
57
71
-
### View the categories of devices that you manage
58
+
### Step 2: Create Azure AD security groups
72
59
73
-
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices**> **All devices**.
60
+
To enable automatic grouping, you must create a dynamic group using attribute-based rules in Azure AD. For instructions, see [Using attributes to create advanced rules](/azure/active-directory/users-groups-roles/groups-dynamic-membership#using-attributes-to-create-rules-for-device-objects) in the Azure AD documentation. Create an advanced rule for your group using the **deviceCategory**attribute and the category name you created in [Step 1](device-group-mapping.md#step-1-create-device category-in-Intune) of this article.
74
61
75
-
2. In the list of devices, examine the **Device category** column.
62
+
For example, to create a rule that automatically groups devices belonging in the HR category, use the following rule syntax: `device.deviceCategory -eq "HR"`
76
63
77
-
If the **Device category** column isn't shown, select **Columns** > **Category** > **Apply**.
64
+
### View categories of all devices
65
+
Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Devices** > **All devices** for a list of all devices. The **Device category** column shows the category assigned to each device.
66
+
67
+
If the **Device category** column isn't visible in the table, select **Columns** and then choose **Category** > **Apply**.
78
68
79
-
### Change the category of a device
69
+
When you delete a category, devices assigned to it appear as **Unassigned**.
80
70
81
-
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **All devices** > choose the device you want > **Properties**.
82
-
2. On the next blade, you can change the **Device category** of the selected device to any of the category names you previously configured.
71
+
### Change the category of a device
72
+
If you edit a category, be sure to update any Azure AD security groups that reference the category in their rules.
83
73
84
-
## After you configure device groups
85
-
86
-
When users of iOS/iPadOS and Android devices enroll their device, they must choose a category from the list of categories you configured. After they choose a category and finish enrollment, their device is added to the Intune device group, or the Active Directory security group that corresponds with the category they chose.
87
-
88
-
Windows users should use the Company Portal website or the Company Portal app to select a category.
89
-
90
-
Regardless of platform, your users can always go to portal.manage.microsoft.com after enrolling the device. Have the user access the Company Portal website, and go to **My Devices**. The user can choose an enrolled device listed on the page, and then select a category.
91
-
92
-
After choosing a category, the device is automatically added to the corresponding group you created. If a device is already enrolled before you configure categories, the user sees a notification about the device on the Company Portal website. This lets the user know to select a category the next time they access the Company Portal app on iOS/iPadOS or Android.
74
+
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
75
+
2. Select **Devices** > **All devices**.
76
+
3. Select a device.
77
+
4. On the device details page, select **Properties**.
78
+
5. Change your selection in the **Device category** field.
93
79
94
-
## Further information
95
-
- You can edit a device category in the Azure portal, but you must manually update any Azure AD security groups that reference this category.
80
+
## Best practices
81
+
Device categories are supported on devices running Android, iOS/iPadOS, or Windows. People with Windows devices must use the Company Portal website to select their category. Regardless of platform, any device user can sign in to portal.manage.microsoft.com at anytime and go to **My devices** to select a category.
96
82
97
-
-If you delete a category, devices assigned to it display the category name **Unassigned**.
83
+
If an iOS/iPadOS or Android device is already enrolled before you configure categories, the user will receive a notification about the device on the Company Portal website. The notification informs them that they need to select a category the next time they're in the Company Portal app.
This report tells you where in the Company Portal enrollment process users are not completing the enrollment process.
35
35
36
-
To see the report, choose **Intune** > **Device enrollment** > **Incomplete user enrollments**.
36
+
To see the report, sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Then select **Devices** > **Monitor* > **Incomplete user enrollments**.
37
37
38
38
Using this information, you can update your onboarding documents to help users complete enrollment. For example, if many users are quitting at the Terms of Use, you might investigate that area and make it more intuitive for users.
39
39
@@ -74,7 +74,7 @@ The line graph shows the daily incomplete enrollments for each of the four core
74
74
75
75
### User abandonment actions
76
76
77
-
The following tables show the list of user actions that qualify as prompting an incomplete enrollment. To see examples of enrollment screens, you can watch the [iOS](https://channel9.msdn.com/Series/IntuneEnrollment/iOS-Enrollment) and [Android](https://channel9.msdn.com/Series/IntuneEnrollment/Android-Enrollment) enrollment videos.
77
+
The following tables list the user actions that indicate enrollment is incomplete.
0 commit comments