Configuring Conditional Users and Groups

This course explores the suite of tools available in Microsoft Endpoint Manager for establishing and maintaining an organization's security posture. These include Microsoft Intune, used for enrolling devices and for creating and enforcing device compliance policies, and Microsoft Defender, used for implementing antivirus and anti-malware protection on devices. The course also reviews the activities involved in reducing the attack surface that bad actors could use to penetrate an organization and expose sensitive data. That data is protected through attack surface reduction rules, which are deployed after careful auditing and testing to avoid any loss of productivity. Finally, the course touches on the security baselines available to organizations wishing to enact a more granular security posture, and on tools like Microsoft Secure Score for evaluating the effectiveness of these efforts against known best practices.

Learning Objectives

  • Create a compliance policy
  • Monitor enrolled devices
  • Set up attack surface reduction rules
  • Deploy attack surface reduction rules
  • Review security baselines
  • Examine Microsoft Secure Score

Intended Audience

This course is designed for individuals who are responsible for setting up and monitoring device compliance and security in Microsoft 365 as well as those pursuing Microsoft certifications.


To get the most from this course, you should have some familiarity and experience with the Microsoft 365 security suite of tools including Microsoft Endpoint Manager.  


Let's take a look at how to configure conditional users and groups. Once a device is enrolled in Intune, a built-in MDM agent starts syncing device details to Intune's data warehouse. These details include the device name, operating system, total and free storage space, enrollment date, encryption status, and compliance state. We can view device information in the Microsoft Endpoint Manager admin center or when generating reports. Groups are used in Intune to target profiles, policies, and apps for deployment.

From within Microsoft Endpoint Manager, we can create user and device groups with static or dynamic membership. Intune has no grouping mechanism of its own, so it relies on these user and device groups. A static group, much as it sounds, is created from a fixed list of users in Active Directory: the members are assigned when the group is created and remain in that group. A dynamic group instead has its membership determined by a rule. This rule can be based on device or user properties, such as the type of phone a user has or the department they belong to.

A membership rule is a binary expression that returns either True or False for each object. Rules can be based on device attributes or on user attributes. A sample rule might look like this: device.deviceManufacturer -eq "Microsoft". This expression has three distinct parts. The first part specifies the object and its attribute, which in this case is the device but could alternatively be the user. The second part is the operator, such as equals (shown here), starts with, contains, or match. The third part is the value against which we want to compare; in this example, it is the name Microsoft.

Let's look at a few other example expressions and define them. The first expression groups users whose job title is Sales Director. The second groups all users whose preferred language starts with English. The third groups all devices whose operating system equals iPhone. The fourth groups all devices that are personally owned (as opposed to organization-owned).
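To make the three-part rule structure concrete, here is a small Python evaluator, added as an illustration for this section; it is not part of the course material or of Microsoft's tooling. It parses rules in the object.attribute -operator "value" form shown above, including the four examples just described and -and/-or combinations, and evaluates them against a constructed, in-memory list of user and device objects. The attribute names follow the Azure AD dynamic-membership property names; the object records and their values, the case-insensitive string comparison, and the way unknown operators and trailing tokens are rejected are assumptions of this example rather than the service's documented semantics.

```python
import re

# Constructed sample directory standing in for Azure AD user and device objects. The
# attribute names mirror the dynamic-membership property names; the objects are made up.
DIRECTORY = [
    {"objectType": "user", "displayName": "Ana", "jobTitle": "Sales Director", "preferredLanguage": "en-US"},
    {"objectType": "user", "displayName": "Bao", "jobTitle": "Engineer", "preferredLanguage": "en-GB"},
    {"objectType": "user", "displayName": "Cleo", "jobTitle": "Sales Director", "preferredLanguage": "fr-FR"},
    {"objectType": "device", "displayName": "DEV-1", "deviceOSType": "iPhone", "deviceOwnership": "Personal", "deviceManufacturer": "Apple"},
    {"objectType": "device", "displayName": "DEV-2", "deviceOSType": "Windows", "deviceOwnership": "Company", "deviceManufacturer": "Microsoft"},
    {"objectType": "device", "displayName": "DEV-3", "deviceOSType": "Android", "deviceOwnership": "Personal", "deviceManufacturer": "Samsung"},
]

# Comparison operators: attribute value on the left, rule literal on the right. Case-insensitive
# string comparison is an assumption of this toy evaluator; -match applies the literal as a regex.
COMPARATORS = {
    "-eq": lambda actual, value: actual.lower() == value.lower(),
    "-startswith": lambda actual, value: actual.lower().startswith(value.lower()),
    "-contains": lambda actual, value: value.lower() in actual.lower(),
    "-match": lambda actual, value: re.search(value, actual) is not None,
}

# One token per parenthesis, quoted string literal, -operator, or dotted identifier.
_TOKEN = re.compile(r'\s+|(\()|(\))|"([^"]*)"|(-[A-Za-z]+)|([A-Za-z_][\w.]*)')
_KINDS = ("(", ")", "str", "op", "ident")   # one entry per capture group above

def tokenize(rule):
    """Split a rule into (kind, text) tokens; whitespace is skipped, anything else is an error."""
    tokens, pos = [], 0
    while pos < len(rule):
        m = _TOKEN.match(rule, pos)
        if not m:
            raise ValueError(f"unexpected character at offset {pos}: {rule[pos:]!r}")
        pos = m.end()
        for kind, text in zip(_KINDS, m.groups()):
            if text is not None:            # exactly one group matches, none for whitespace
                tokens.append((kind, text.lower() if kind == "op" else text))
    return tokens

class Parser:
    """Recursive descent: or_expr := and_expr (-or and_expr)*; -and binds tighter than -or."""
    def __init__(self, tokens):
        self.tokens, self.i = tokens + [(None, None)], 0   # sentinel marks end of input

    def take(self, kind=None):
        found, text = self.tokens[self.i]
        if found is None or (kind and found != kind):
            raise ValueError(f"expected {kind or 'a token'}, found {text!r}")
        self.i += 1
        return text

    def parse_or(self):
        node = self.parse_and()
        while self.tokens[self.i] == ("op", "-or"):
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_atom()
        while self.tokens[self.i] == ("op", "-and"):
            self.take()
            node = ("and", node, self.parse_atom())
        return node

    def parse_atom(self):
        if self.tokens[self.i] == ("(", "("):
            self.take()
            node = self.parse_or()
            self.take(")")
            return node
        # The three-part form from the transcript: object.attribute, operator, quoted value.
        attr, op, value = self.take("ident"), self.take("op"), self.take("str")
        if op not in COMPARATORS:
            raise ValueError(f"unknown operator {op}")
        return ("cmp", attr, op, value)

def parse_rule(rule):
    """Parse a whole rule string into a tree; leftover tokens mean a malformed rule."""
    parser = Parser(tokenize(rule))
    node = parser.parse_or()
    if parser.tokens[parser.i][0] is not None:
        raise ValueError(f"unexpected trailing token {parser.tokens[parser.i][1]!r}")
    return node

def evaluate(node, obj):
    """Evaluate a parsed rule against one directory object, returning True or False."""
    kind = node[0]
    if kind in ("and", "or"):
        left, right = evaluate(node[1], obj), evaluate(node[2], obj)
        return (left and right) if kind == "and" else (left or right)
    _, attr, op, value = node
    object_type, _, prop = attr.partition(".")
    if object_type != obj["objectType"]:   # a device rule never matches a user object, and vice versa
        return False
    actual = obj.get(prop)
    if actual is None:                      # attribute not set on this object: no match, not an error
        return False
    return COMPARATORS[op](str(actual), value)

def members(rule, directory=DIRECTORY):
    """Return the displayNames the rule would place in the dynamic group."""
    node = parse_rule(rule)
    return [o["displayName"] for o in directory if evaluate(node, o)]
```

Calling members('(user.jobTitle -eq "Sales Director")') returns the two Sales Director users, and members('(device.deviceOwnership -eq "Personal")') returns the two personally owned devices. Two behaviours are worth noticing before a rule is used to assign policy: a misspelled attribute name matches nothing rather than failing, so a group can silently end up empty, and a comparison against the wrong object type never matches, so a device rule applied to a user group selects no one. Previewing the computed membership this way, or with the membership preview in the admin center, catches both before a compliance policy or app assignment is scoped to the group.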


About the Author

Steve is an experienced Solutions Architect with over 10 years of experience serving customers in the data and data engineering space. He has a proven track record of delivering solutions across a broad range of business areas that increase overall satisfaction and retention. He has worked across many industries, both public and private, and found many ways to drive the use of data and business intelligence tools to achieve business objectives. He is a persuasive communicator, presenter, and quite effective at building productive working relationships across all levels in the organization based on collegiality, transparency, and trust.