{"id":498346,"date":"2022-04-30T12:44:00","date_gmt":"2022-04-30T19:44:00","guid":{"rendered":"https:\/\/jorgep.com\/blog\/?p=498346"},"modified":"2024-09-20T15:41:15","modified_gmt":"2024-09-20T22:41:15","slug":"intune-group-tags-dynamic-assignment","status":"publish","type":"post","link":"https:\/\/jorgep.com\/blog\/intune-group-tags-dynamic-assignment\/","title":{"rendered":"Intune Group Tags Dynamic Assignment"},"content":{"rendered":"\n<p>Windows Autopilot registered devices is a great way to automate the deployment process without much of technician interaction.<\/p>\n\n\n\n<p>Aside from the device profile you can execute when a registered device is recognized, you can use Group Tags ( See <a href=\"https:\/\/jorgep.com\/blog\/windows-autopilot-group-tags\/\" data-type=\"post\" data-id=\"27001\">Group Tags Blog post<\/a> ) to further customized the desktop to the user or role that device will perform<\/p>\n\n\n<style>.kadence-column498346_244488-b4 > .kt-inside-inner-col,.kadence-column498346_244488-b4 > .kt-inside-inner-col:before{border-top-left-radius:0px;border-top-right-radius:0px;border-bottom-right-radius:0px;border-bottom-left-radius:0px;}.kadence-column498346_244488-b4 > .kt-inside-inner-col{column-gap:var(--global-kb-gap-sm, 1rem);}.kadence-column498346_244488-b4 > .kt-inside-inner-col{flex-direction:column;}.kadence-column498346_244488-b4 > .kt-inside-inner-col > .aligncenter{width:100%;}.kadence-column498346_244488-b4 > .kt-inside-inner-col{background-color:var(--global-palette7, #EDF2F7);}.kadence-column498346_244488-b4 > .kt-inside-inner-col:before{opacity:0.3;}.kadence-column498346_244488-b4{position:relative;}@media all and (max-width: 1024px){.kadence-column498346_244488-b4 > .kt-inside-inner-col{flex-direction:column;justify-content:center;}}@media all and (max-width: 767px){.kadence-column498346_244488-b4 > .kt-inside-inner-col{flex-direction:column;justify-content:center;}}<\/style>\n<div class=\"wp-block-kadence-column kadence-column498346_244488-b4\"><div class=\"kt-inside-inner-col\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>Side Note: <\/p>\n\n\n<style>.kadence-column498346_459482-d6 > .kt-inside-inner-col,.kadence-column498346_459482-d6 > .kt-inside-inner-col:before{border-top-left-radius:0px;border-top-right-radius:0px;border-bottom-right-radius:0px;border-bottom-left-radius:0px;}.kadence-column498346_459482-d6 > .kt-inside-inner-col{column-gap:var(--global-kb-gap-sm, 1rem);}.kadence-column498346_459482-d6 > .kt-inside-inner-col{flex-direction:column;}.kadence-column498346_459482-d6 > .kt-inside-inner-col > .aligncenter{width:100%;}.kadence-column498346_459482-d6 > .kt-inside-inner-col:before{opacity:0.3;}.kadence-column498346_459482-d6{position:relative;}@media all and (max-width: 1024px){.kadence-column498346_459482-d6 > .kt-inside-inner-col{flex-direction:column;justify-content:center;}}@media all and (max-width: 767px){.kadence-column498346_459482-d6 > .kt-inside-inner-col{flex-direction:column;justify-content:center;}}<\/style>\n<div class=\"wp-block-kadence-column kadence-column498346_459482-d6\"><div class=\"kt-inside-inner-col\">\n<p>Keeping Intune portal (M365 Device Portal)  clean should be top of mind for administrator out there! &#8212;<br>Please read: <\/p>\n<\/div><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.tbone.se\/2024\/02\/09\/cleaning-up-inactive-intune-and-entra-id-devices\/\">Cleaning up inactive Intune and Entra ID devices &#8211; Mr T-Bone\u00b4s Blog (tbone.se)<\/a><\/li>\n\n\n\n<li> <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/devices\/manage-stale-devices\">How to manage stale devices in Microsoft Entra ID &#8211; Microsoft Entra ID | Microsoft Learn<\/a><\/li>\n<\/ul>\n\n\n\n<p>Let&#8217;s contunue&#8230;<\/p>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p>Most Group Tags are assigned at the time of ordering, but they can also be added manually post order by going into your device portal: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sign in to the&nbsp;<a href=\"https:\/\/intune.microsoft.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Intune admin center<\/a>.<\/li>\n\n\n\n<li>Click on&nbsp;<strong>Devices&nbsp;<\/strong>and then click on&nbsp;<strong>Enrollment<\/strong>.<\/li>\n\n\n\n<li>Under the&nbsp;<strong>Windows&nbsp;<\/strong>tab, click on&nbsp;<strong>Devices&nbsp;<\/strong>under&nbsp;<strong>Windows Autopilot<\/strong>&nbsp;category<\/li>\n\n\n\n<li>Find a device you want to apply a group tag and click on it.<\/li>\n\n\n\n<li>Search for the&nbsp;<strong>Group tag field<\/strong>, type the name of a group tag, and&nbsp;<strong>Save<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p>Group Tag Assignments can also be done dynamically by executing a powershell script.  A couple of examples follow: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/stevecapacity\/IntunePowershell\/blob\/main\/Autopilot%20Helper%20Scripts\/bulkGroupTagUpdate.ps1\">IntunePowershell\/Autopilot Helper Scripts\/bulkGroupTagUpdate.ps1 at main \u00b7 stevecapacity\/IntunePowershell \u00b7 GitHub<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/middlewesttech\/autopilot-intune\">GitHub &#8211; middlewesttech\/autopilot-intune: This script automates the process of importing a device into Autopilot, assigning a Group Tag\/OrderID, assigning a user to the device, and adding that user to a set MDM User Scope group. It all runs in one PowerShell script.<\/a> <\/li>\n\n\n\n<li><a href=\"https:\/\/gist.github.com\/nicolonsky\/29568077bcad7135ea7a6182742f4a55\">Bulk Update Windows Autopilot entities \u00b7 GitHub<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.anoopcnair.com\/ps-script-group-tag-of-autopilot-devices-intune\/\">PS Script To Add Or Modify Group Tag Of Autopilot Devices In Intune HTMD Blog (anoopcnair.com)<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How Many Group Tags  should I have within my environment?<\/h3>\n\n\n\n<p>This is a great question  that, frankly there has been no guidance from Microsoft on.     I have seen organizations managing thousands of devices with as little as 3 group tags.     Other organizations have hundreds of group tags for whatever reason they seemed appropriate.     <\/p>\n\n\n\n<p>I think a <strong>fantastic explanation<\/strong> of group tags within  large organizations was provided by Steve Weiner from Rubix on his multi-part blog posts: Autopilot Group Tags<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.getrubix.com\/blog\/autopilot-group-tags-1\">Autopilot Group Tags: Part 1 <\/a>&#8211; The Basics<\/li>\n\n\n\n<li><a href=\"https:\/\/www.getrubix.com\/blog\/autopilot-group-tags-part-2\">Autopilot Group Tags: Part 2 <\/a>&#8211; Magic Coffee Co 300 users<\/li>\n\n\n\n<li><a href=\"https:\/\/www.getrubix.com\/blog\/autopilot-group-tags-part-3\">Autopilot Group Tags: Part 3 <\/a>&#8211; Group Tags and Names<\/li>\n\n\n\n<li><a href=\"https:\/\/www.getrubix.com\/blog\/autopilot-group-tags-part-4\">Autopilot Group Tags: Part 4 <\/a>&#8211; Group Tags and Application Deployment &#8211; A Balancing Act<\/li>\n\n\n\n<li><a href=\"https:\/\/www.getrubix.com\/blog\/autopilot-group-tags-part-5\">Autopilot Group Tags: Part 5 <\/a>&#8211; Global Operations Inc  75,000 users<\/li>\n<\/ul>\n\n\n\n<p>After reading this  PLUS some of what I have seen,   I can provide the following observations\/recommendations <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep the number of Group Tags LOW<\/li>\n\n\n\n<li>Keep in mind Modern Device Management is about user access\/ user permission and policies.  You are not targeting devices like you used to in Config Manager.<\/li>\n\n\n\n<li>Not a good idea to use Group Tags to name your computers based on location ( Device names are becoming less important than they used to be given the visibility we have in Endpoint Manager to who is using what)<\/li>\n<\/ul>\n\n\n\n<p>Hopefully this helps!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Additional Resources:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/intune-customer-success\/intune-grouping-targeting-and-filtering-recommendations-for-best\/ba-p\/2983058\">Intune grouping, targeting, and filtering: recommendations for best performance &#8211; Microsoft Community Hub<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.niallbrady.com\/2023\/03\/22\/automating-group-tags-for-windows-autopilot-registered-devices\/\">Automating group tags for Windows Autopilot registered devices | just another windows noob ? (niallbrady.com)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/gist.github.com\/nicolonsky\/29568077bcad7135ea7a6182742f4a55\">Bulk Update Windows Autopilot entities \u00b7 GitHub<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/powerstacks.com\/automatically-categorize-intune-devices\/\">Automatically Categorize Intune Devices &#8211; PowerStacks<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.nianit.com\/automating-windows-autopilot-group-tags\/\">Intune Autopilot Group Tags Automation With Azure Runbooks (nianit.com)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/intune-customer-success\/resolved-unable-to-assign-group-tags-with-the\/ba-p\/2233247\">Resolved &#8211; Unable to assign group tags with the WindowsAutopilotIntune PowerShell script &#8211; Microsoft Community Hub<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cloudinfra.net\/add-a-group-tag-to-intune-autopilot-devices-using-powershell\/\">Add A Group Tag To Intune Autopilot Devices Using Powershell (cloudinfra.net)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/carygarvin.github.io\/Assign-DeviceScopeTags.ps1\/\">Assign-DeviceScopeTags.ps1 | PowerShell Script to automatically assign Intune Device Scope Tags based on Primary SMTP Address of enrolling user. (carygarvin.github.io)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/andrewstaylor.com\/2022\/04\/26\/intune-group-tags-scope-tags-what-are-they-and-why-do-i-need-them\/\">Intune Group Tags, Scope Tags &#8211; What are they and why do I need them? &#8211; Andrew Taylor (andrewstaylor.com)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/mem\/intune\/fundamentals\/scope-tags\">Use role-based access control (RBAC) and scope tags for distributed IT &#8211; Microsoft Intune | Microsoft Learn<\/a><\/li>\n<\/ul>\n\n\n\n<p>Update: <\/p>\n\n\n\n<p><a href=\"https:\/\/cloudinfra.net\/add-a-group-tag-to-intune-autopilot-devices-using-powershell\/\">Add A Group Tag To Intune Autopilot Devices Using Powershell (cloudinfra.net)<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Windows Autopilot registered devices is a great way to automate the deployment process without much of technician interaction. Aside from the device profile you can execute when a registered device is recognized, you can use Group Tags ( See Group Tags Blog post ) to further customized the desktop to the user or role that&#8230;<\/p>\n","protected":false},"author":2,"featured_media":368607,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","ngg_post_thumbnail":0,"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[17],"tags":[539,742,782],"class_list":["post-498346","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-journey","tag-intune","tag-moderneuc1","tag-windows-autopilot"],"taxonomy_info":{"category":[{"value":17,"label":"Journey"}],"post_tag":[{"value":539,"label":"Intune"},{"value":742,"label":"ModernEUC"},{"value":782,"label":"Windows Autopilot"}]},"featured_image_src_large":["https:\/\/jorgep.com\/blog\/wp-content\/uploads\/GroupTags-Featured.jpg",730,430,false],"author_info":{"display_name":"Jorge Pereira","author_link":"https:\/\/jorgep.com\/blog\/author\/jorge\/"},"comment_info":0,"category_info":[{"term_id":17,"name":"Journey","slug":"journey","term_group":0,"term_taxonomy_id":18,"taxonomy":"category","description":"","parent":0,"count":318,"filter":"raw","cat_ID":17,"category_count":318,"category_description":"","cat_name":"Journey","category_nicename":"journey","category_parent":0}],"tag_info":[{"term_id":539,"name":"Intune","slug":"intune","term_group":0,"term_taxonomy_id":549,"taxonomy":"post_tag","description":"","parent":0,"count":24,"filter":"raw"},{"term_id":742,"name":"ModernEUC","slug":"moderneuc1","term_group":0,"term_taxonomy_id":752,"taxonomy":"post_tag","description":"","parent":0,"count":284,"filter":"raw"},{"term_id":782,"name":"Windows Autopilot","slug":"windows-autopilot","term_group":0,"term_taxonomy_id":792,"taxonomy":"post_tag","description":"","parent":0,"count":22,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/posts\/498346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/comments?post=498346"}],"version-history":[{"count":0,"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/posts\/498346\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/media\/368607"}],"wp:attachment":[{"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/media?parent=498346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/categories?post=498346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jorgep.com\/blog\/wp-json\/wp\/v2\/tags?post=498346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}