Modern Deployment IT Blog

Real-world IT Guides and Experiences from the Field

Create Azure AD Dynamic Group for Model Type | Helpful Quick Guide

Nathan (moderator) / / Filed Under: Azure, Azure AD Dynamic Group Rule, Intune, wmic get model /


This blog post will outline how to create an Azure AD Dynamic Group for different device model types such as Dell, HP, Hyper-V Virtual Machine and Vmware Virtual Machines. I hope this blog post can provide assistance, and be a helpful quick guide. To deploy specific applications, BIOS updates or settings to a particular hardware model in Intune, manually added devices to Azure AD groups is not practical. This is especially true for companies that have thousands of devices and many hardware models. In addition, installing VMware Tools or configurations for Hyper-V VMs are common needs for IT admins.

The first task that needs to be performed is running the wmic command to gather the correct model name as listed within WMI. We can gather this information from a command line prompt using the below WMIC syntax.

Requirements

  1. Azure Global Admin rights or User administrator Azure rights
  2. Access to the client device to run the WMIC get model command
  3. Recommended to use Microsoft Edge or Internet Explorer web browsers
WMIC Command to Query Model Name

IMPORTANT NOTE: For Lenovo models, the WMIC command is different and this vendor uses a base model command instead. As a result, the WMIC command below will return an error. I don’t currently have access to Lenovo hardware so will plan to update this blog post later to address Lenovo models.

Launch a command prompt and type this WMIC Command to get the model type:

wmic computersystem get model

The result in this example returns model: Virtual Machine for a Virtual Machine or Latitude 7390 2-in-1 for a Dell laptop hardware model.

Microsoft Hyper-V Virtual Machine model name results using the wmic command.
Dell model name results for Latitude 7390 2-in-1.

Steps to create Azure AD Dynamic Group based on WMIC Model Result

Now that we have the WMIC results for the hardware model or virtual machine model, we’ll create a Azure AD dynamic group with the following properties.

  1. Group Type: Security
  2. Group Name: Virtual Machines or Dell Latitude 7390 2-in-1
  3. Group Description: Brief details about the purpose of the group
  4. Membership Type: Dynamic Device
  5. Dynamic Membership Rule Results: Model name as shown in the WMIC command results.

Login to the Azure Portal, and click on “Azure Active Directory“.

Click on “Groups” > and select “New Group“.

Select “Security” for Group type, enter a Group Name, Description, and select “Dynamic Device” for Membership Type. In my example, I entered “Virtual Machines for ALL VM model types as the group name.

  1. Group Type: Security
  2. Group Name: Virtual Machines or Dell Latitude 7390 2-in-1
  3. Group Description: Brief details about the purpose of the group
  4. Membership Type: Dynamic Device

Click on the “Add Dynamic Query” button after entering all the required values.

For All Virtual Machines, click on the “Advanced Rule” tab and enter the following exactly as shown here. Click “Add Query” when complete.

IMPORTANT NOTE: Be careful to copy the content listed here to notepad, then paste the content into the web browser of the Azure portal to ensure no malformed characters get inadvertently copied. Malformed characters will cause the query to fail.

(device.deviceModel -eq “Virtual Machine”) -or (device.deviceModel -eq “VMware Virtual Platform”) -or (device.deviceModel -eq “VMware7,1”)

For Dell Latitude 7390 2-in-1 hardware model (or other model types), enter the following as shown here in the “Advanced Rule” which is the WMIC results that were run eariler in the article.

Click on the “Add Query” button after entering all the required values.

(device.deviceModel -eq “Latitude 7390 2-in-1”)

Click the “CREATE” button to finish the Azure AD Dynamic group creation.

Monitor the creation status in the notification area.

After a few minutes, check the status of the membership update by clicking on the group name and review the update status in the upper right corner.

After initial creation, the dynamic will take some time to update.

Dynamic AD group membership update will complete after some time. In this example, I have 4 Virtual Machines in my environment. Click on “Members” to see the devices that were dynamically added to the AAD group.

AAD Dynamic Membership Rules Update

To make changes or additions to the Dynamic Rule click on the Dynamic AAD group, click the “Dynamic Membership Rule” button and make the required changes.

That concludes this blog post with step by step instructions, to outline how to create an Azure AD Dynamic Group for Model Types that are physical or virtual devices.

References

“Create a dynamic group and check status” Microsoft article with more details.
The article is linked here.

Nathan (moderator) / / Filed Under: Azure, Azure AD Dynamic Group Rule, Intune, wmic get model /

Have Questions? Find Us On Social Media

Privacy Policy - Terms and Conditions