Categorize devices into groups using Device Categories in Microsoft Intune

In the last article of Microsoft Intune series we discussed how to customize Intune portal and how to create terms and conditions. In this article we will discuss what are device categories, what are their benefits, and how to create device categories.

To learn more about how to create device categories and how to customize Intune portal for device enrollment, please watch this video on our channel.

What are device categories

Device categories allow you to easily manage and group devices in Microsoft Intune. When you create a device category, for example IT or HR, Microsoft Intune will automatically add all devices that fall within that category to the corresponding device group in Intune. To enable categories in your tenant, first you need to create a device category in the Microsoft Intune admin center and you need to set up dynamic Azure Active Directory (Azure AD) security groups.

Benefits of using device categories

Device categories allow you to easily manage the devices. For example, if you have multiple departments in your organization like, sales, IT or HR, you can create a device category for each department. You can add devices within these device categories as per the departments, and then you can apply different policies on those devices as per their departments. So with the help of Device Category, you can segment the devices as per their categories so that you can manage them easily.

Create device categories in Microsoft Intune

Follow below steps to create device categories in Microsoft Intune:

  1. Sign in to Microsoft Intune Admin Center.
  2. Choose Devices > Device categories.
  3. Select Create device category to add a new category.
  4. Enter the name of the new category, for example HR and a description (optional).
  5. Select Next.
  6. Assign scope tag (optional).
  7. Select Next.
  8. Select Create. The new category is added to your Device categories list.
Create device category in Intune

Create Azure AD Security Group

Now we will create a security group in Azure AD to group the devices automatically. Suppose we created a device category with name Sales.

Go to Azure AD > Groups > New group and give it a name. For example, Sales devices. (this will help you to easily find the group that is used to group devices basis on their category).

create security group in azure ad 1

Select membership type as Dynamic Device and click Add dynamic query. Select devicecategory under Property, Equals under Operator, and Sales under value.

So now what will happen, when a user will try to enroll a device, he will select the device category as per his department, and that device will be added automatically within the security group. Because within security group we have added a condition that if Device Category is equal to Sales, then add that device in this group. And when devices are added to the security group, you can simply apply policies on this security group and devices will automatically inherit those policies from the group.

Note: Remember in this example we have created a device category with name Sales.

dynamic membership rule in security group

We invite you to browse our other articles of Microsoft Intune on our website:
Demystifying Microsoft Intune: The Ultimate Guide
Decoding MDM vs MAM: A Closer Look at Mobile Management Approaches
Prepare tenant for device enrollment – Microsoft Intune