Microsoft is currently in the process of rolling out a preview of filtering for apps, policies and profiles in Microsoft Endpoint Manager.

With this new functionality you will be able to define extra applicability conditions for Apps, compliance policies and configuration profiles. Not every workload is supported (yet) though, for example you cannot use the filtering functionality while using a Settings Catalog configuration profile (at this point in time), you also cannot use filtering in Windows 10 Update rings and Windows 10 Feature updates. If you want to know what workloads and features are supporting filtering, check out this documentation article first.

Filtering overview

With filtering you can assign an app or policy to a user or device group, while filtering specific devices in and out of the assignment. Filters can be configured to either include or exclude devices from the assignment, so you do not have to spend time selecting those devices in Intune or waiting for dynamic device group membership to be calculated.

Before you can use the filtering functionality, you have to enable the preview functionality first. This can be done from the Tenant Administration settings in the Microsoft Endpoint Manager Admin Center. You need to click on the hyperlink for “Try out the filters (preview) feature!” for the option to enable filters to appear.

Enable filters (Preview)

Once enabled you can centrally create filters by clicking on the + Create button under Filters (preview). After providing a name for the filter (mandatory), a description (optional) and the platform (iOS/iPadOS, Windows 10, Android device administrator, macOS or Android Enterprise) you can define the ruleset.

 This ruleset is similar to the ruleset available when creating Azure AD dynamic device groups, as shown in the figure below (1) displays the options for creating a dynamic device group and (2) shows the options for creating a filter.

Azure AD Dynamic Membership rules versus MEM filter

Depending on the platform chosen properties are available to use while creating the filter rule. For Windows 10 the following properties are available:

  • deviceName
  • manufacturer
  • model
  • deviceCategory
  • osVersion
  • deviceOwnership
  • enrollmentProfilename
  • operatingSystemSKU

Which propertiesare supported for which platform is detailed in the following article: Device properties, operators, and rule editing when creating filters in Microsoft Endpoint Manager

Below is an example of you a filter could look like, in this case we create a filter where the Operations System SKU is either Professional or ServerRdsh. ServerRdsh is the SKU for Windows Enterprise for Virtual Desktops for which Microsoft is currently rolling out supporting this SKU with Microsoft Endpoint Manager.

Rule builder with Rule syntax result

Once one or more filters are created, the filter can be used while creating assignments on supported workloads.

Use filter to exclude filtered devices in assignment

After the filter has been added you can see this reflected in the assignments for the workload you configured. The Assignment will reflect the name of the filter and whether the devices in the filter will be included or excluded.

Overview of used filtering in assignment view

This new functionality opens up a lot of possible scenario’s, I could use a filter for example to exclude Virtual Machines from my default Compliance Policy for example, or filter out Windows 10 Professional from my Start Menu customization. Allowing me to reduce the issues I receive and challenges I face for any exceptions in my environment.

As written in my article titled: “Designing and building your Microsoft Endpoint Manager/Intune environment for Operations” I outlined why I prefer to use one Azure AD user group to rule them all. With these filter capabilities I can find a solution for some of the scenario’s which weren’t that easy to implement because of my design choices.

From today I will start experimenting with the functionality in my demo tenant and explore its capabilities. I already know for sure though that filtering will become part of my standard Modern Workplace implementation solution.

Use filters when assigning your apps, policies, and profiles in Microsoft Endpoint Manager

Device properties, operators, and rule editing when creating filters in Microsoft Endpoint Manager

List of platforms, policies, and app types supported by filters in Microsoft Endpoint Manager

Filter reports and troubleshooting in Microsoft Endpoint Manager

Previous articleHow to reply to a Teams message with delay
Next articleMicrosoft Teams: Adding the “correct” OneNote and Planner
I started my career in 1995 as a System Engineer in the broadcast industry, building and maintaining video editing suites and television studio's and later specializing in Telecine equipment. In 1998 I switched to a first line support function within the Information Technlogy on the dealing room of a large bank, working my way up to a 3rd line support engineer. From this position i started to work on projects, which eventually resulted in projects where I worked across the border. In this period I implemented and designed several deployment solutions for mass rollout of workstations, laptops and servers. Since 2009 I switched to a consultancy function mainly focusing on but not limited to System Center design and implementation projects, besides that I became a Microsoft Certified Trainer (MCT) and currently teach System Center Related Classes (SCCM, SCOM and SCSM). In Januari 2010 I received the Microsoft MVP award with the expertise Setup & Deployment which was extended in 2011 and 2012. In 2013 and 2014 I was awarded the VMware vExpert award. In october 2014 I received the Microsoft MVP award with the expertise System Center Cloud and Datacenter Management (SCCDM).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.