Another quick post. From time to time you need to roll out changes in phases to random users in your organisation. You can certainly write a script that adds people according to your criteria and requirements, but I have another idea for you!
Use Azure AD dynamic groups to create a growing group of users, with the criteria of your choice. Here are 4 Azure AD dynamic group queries that are limited to Intune licensed users. They split users by the first character of their objectId, which is one of the 16 hexadecimal digits. If you have an environment of 8 000 users, the first group will include about 500, the next around 1500, and the last two groups will each have about 3000 users.
Why should you roll out changes in phases? For me that’s how most changes should be handled in an organisation, regardless of size. Your limited testing environment is not where you will find the issues and questions, so phase in your changes and listen to your users.
(user.objectId -startsWith "0") -and (user.assignedPlans -any (assignedPlan.service -eq "SCO" -and assignedPlan.capabilityStatus -eq "Enabled"))
((user.objectId -startsWith "1") -or (user.objectId -startsWith "2") -or (user.objectId -startsWith "3")) -and (user.assignedPlans -any (assignedPlan.service -eq "SCO" -and assignedPlan.capabilityStatus -eq "Enabled"))
((user.objectId -startsWith "4") -or (user.objectId -startsWith "5") -or (user.objectId -startsWith "6") -or (user.objectId -startsWith "7") -or (user.objectId -startsWith "8") -or (user.objectId -startsWith "9")) -and (user.assignedPlans -any (assignedPlan.service -eq "SCO" -and assignedPlan.capabilityStatus -eq "Enabled"))
((user.objectId -startsWith "a") -or (user.objectId -startsWith "b") -or (user.objectId -startsWith "c") -or (user.objectId -startsWith "d") -or (user.objectId -startsWith "e") -or (user.objectId -startsWith "f")) -and (user.assignedPlans -any (assignedPlan.service -eq "SCO" -and assignedPlan.capabilityStatus -eq "Enabled"))
If you want to limit the groups by any other AAD attribute instead, that’s fine, just replace this part
(user.assignedPlans -any (assignedPlan.service -eq "SCO" -and assignedPlan.capabilityStatus -eq "Enabled"))
with your own limit, for example city, department etc. Here is a list of all possible attributes
Rules for dynamically populated groups membership – Azure AD | Microsoft Docs
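The following Python sketch is an added example, not part of the original post. It rebuilds the four rules from a ring layout, checks that every leading hex digit belongs to exactly one ring (so no user is skipped or lands in two phases), and compares the expected group sizes with a simulation. The ring names, the function names and the assumption that the first digit of objectId is evenly distributed are this example's own; the simulated GUIDs are constructed, not real object IDs.

```python
import random
import uuid
from collections import Counter

HEX = "0123456789abcdef"
# Licence scope copied from the post (plan "SCO" enabled), with straight quotes.
SCOPE = ('(user.assignedPlans -any (assignedPlan.service -eq "SCO" '
         '-and assignedPlan.capabilityStatus -eq "Enabled"))')
# Ring layout from the post: leading hex digits of user.objectId per group.
# The ring names are made up for this example.
RINGS = {"ring1": "0", "ring2": "123", "ring3": "456789", "ring4": "abcdef"}


def validate(rings):
    """Raise if a hex digit is missing, duplicated or invalid across rings."""
    used = Counter(d for digits in rings.values() for d in digits.lower())
    missing = sorted(set(HEX) - set(used))
    bad = sorted(d for d, n in used.items() if n > 1 or d not in HEX)
    if missing or bad:
        raise ValueError(f"uncovered digits {missing}, duplicated/invalid {bad}")


def build_rule(digits, scope=SCOPE):
    """Return the membership rule text for one ring."""
    clauses = [f'(user.objectId -startsWith "{d}")' for d in digits.lower()]
    prefix = clauses[0] if len(clauses) == 1 else "(" + " -or ".join(clauses) + ")"
    return f"{prefix} -and {scope}"


def expected_size(digits, population):
    """Expected members, assuming the first digit is uniform over 16 values."""
    return population * len(digits) // 16


def simulate(rings, population, seed=1):
    """Assign constructed random GUIDs to rings and count each ring."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(population):
        guid = str(uuid.UUID(int=rng.getrandbits(128), version=4))
        counts[next(n for n, d in rings.items() if guid[0] in d.lower())] += 1
    return counts


if __name__ == "__main__":
    validate(RINGS)
    sim = simulate(RINGS, 8000)
    for name, digits in RINGS.items():
        print(name, expected_size(digits, 8000), sim[name])
        print(" ", build_rule(digits))
```

To scope the rings by another attribute, pass your own expression as `scope` to `build_rule`; run `validate` again whenever you change the digit layout.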
And while you’re at it, go vote for limiting a dynamic group to another assigned group, and for App Collections in Android
Enable limit a dynamic group to a another group -Azure AD
Manage Google Play App Collections – Microsoft Intune Feedback