A new feature in Endpoint Manager/Intune Filters is currently in public preview. Filters can be added to things like compliance policies, configuration profiles, and app assignments, which give you advanced targeting options.
The basic functionality involves applying a filter over an included device or user group, which includes or excludes devices from the assignment.
In complex environments, dynamic group membership updates can be a lengthy process, which is why you'll want to delay it as long as possible.
Documentation is available on how the new feature works here.
This feature applies to:
Android device administrator
Android Enterprise
iOS/iPadOS
macOS
Windows 10 and newer
You can try out the Filters (preview) feature by visiting Endpoint Manager admin center > Tenant administration > Filters (preview) and clicking it.
Turn Filters (preview) On the next screen that appears and click Apply.
To start creating your first filter, click Create once the feature has been enabled. First, you'll need to name your application and provide a description, as well as choose the platform you're targeting (Windows 10, iOS, Android, etc.)
We can now move onto creating the Microsoft Endpoint Manager Intune Filter. Check out the steps below for creating Intune filters.
From the Basics page in the filter workflow:
Enter the MEM Intune Filter name: Mobile iOS Corporate Devices.
Enter the Description: Filter for Apple Corporate devices
Select the platform – iOS /iPadOS
Use the rule builder to create your rule, or if you already know (or want to type) the syntax you can do so directly.
These are all text fields except where noted - you may choose any combination of them:
deviceName
manufacturer
model
deviceCategory
osVersion
isRooted (True / False / Unknown)
deviceOwnership (Personal / Corporate / Unknown)
enrollmentProfileName
Finally Click “Create” to finalize the filter.
Similarly, we can create Filter for Personal Devices.
During Assignment of Any policy / App, select the Filter which you want to include or exclude.
Policy Assignment will reflect the selected Filter along with mode
Reporting option for the Intune filter evaluation
The following is a list of all the filters that were evaluated for this device. A link to filter evaluation can be clicked on the right side of this page to view the information.
Validate following information.
Evaluation results – Match or No match
Filter mode used – Include or Exclude.
Filter name, description, platform, and rules
The properties that were evaluated for the device for this filter.
Date and time of the filter evaluation.
Including groups or devices is as easy as applying a filter. You can include or exclude multiple groups, whether they are devices, users or groups. This basically works how you'd expect when you apply filters:
If the filter mode is Include, and the result is a match, the item is applied.
If the filter mode is Include, and the result is no match, the item is not applied.
If the filter mode is Exclude, and the result is a match, the item is not applied.
If the filter mode is Exclude, and the result is no match, the item is applied.
In case of any conflict, please check the matrix from Microsoft here.