Create Windows 11 22H2 Azure AD Device Group Step by Step Guide

This post explains the step-by-step process to create a Windows 11 22H2 Azure AD device group. I already have Azure AD device groups for Windows 10 and Windows 11 21H2 for Intune application or policy deployment.

Windows 11 22H2 AAD dynamic device groups are a must to target applications and policies only to the latest version of Windows 11. I have also seen requirements for 22H2 group creation in some reporting scenarios.

Azure AD group-based deployments are the primary use case for Intune Settings Catalog policies and apps. We have options such as Intune filters to target specific devices/users and avoid using AAD dynamic groups.

I would love to use Filters instead of AAD groups wherever possible. Microsoft’s SLA for Azure AD dynamic group updates is 24 hours, even though in my experience the update happens within a few minutes 99.99% of the time. There could be exceptions if there is an Azure AD or other incident.

Create Windows 11 22H2 Azure AD Device Group Process Fig. 1

Azure AD Dynamic Device Groups for Windows 11 22H2

Intune uses Azure AD device groups for deploying apps and policies. The only assignment option Intune supports now is Azure AD user and device groups. Intune also supports assignment filters. The assignment filters sit at the Intune layer and help to filter devices or users in or out of deployments.

The AAD dynamic device/user groups are managed automatically. Depending on the query conditions, the devices/users are automatically added to or removed from the group. You must put the logic in the query rule.

The Azure AD dynamic query supports limited device attributes from a device management solution or Intune perspective. This makes things a bit difficult for Intune admins to create complex Azure AD dynamic groups. This is one of the reasons Microsoft created Intune Assignment filters.

Create Windows 11 22H2 Azure AD Device Group – Dynamic Group Vs. Intune Filters Fig. 2

Create Windows 11 22H2 Azure AD Device Group

Let’s create the Windows 11 22H2 Azure AD Device Group using the following step-by-step process. The main details you need before making a Windows 11 22H2 AAD dynamic device group are the Windows 11 22H2 version details.

You can get the version details from the Windows 11 version post; the version of Windows 11 22H2 is 22621.608. Let’s check the full version in the table below. The Azure AD device group creation is based on the OS version and requires the full version.

Windows 11 21H2 | New! – Windows 11 22H2
10.0.22000      | 10.0.22621
Create Windows 11 22H2 Azure AD Device Group – Version Details Table 1

Now check the steps to create the AAD dynamic group for 22H2. You must have appropriate permissions to create Azure AD groups. Follow the steps to create the Device group for 22H2.

  • Log in to the Endpoint Manager Portal (endpoint.microsoft.com).
  • Navigate to the Groups node.
  • Click on “+ New Group”.
  • Select Security – Group Type from the drop-down option.
  • Enter Group Name “HTMD Windows 11 22H2 Device Group” (any name is fine).
  • Enter Group Description “HTMD Windows 11 22H2 Device Group” (any description is fine).
  • Select Dynamic Device as Membership type.
  • Click on Add Dynamic Query under Dynamic Device Members.
Create Windows 11 22H2 Azure AD Device Group Fig. 3

On the Dynamic membership rules page, hover over the properties column to get the option to build the Azure AD dynamic device group rule based on the Windows 11 22H2 OS version. You can also copy and paste the query given further below to create an Azure AD dynamic device group for Windows 11 22H2 devices.

You can use the below table to create the dynamic query rule for Windows 11 22H2 AAD dynamic groups. The value is the key here. If you change the value, you won’t get the appropriate results.

Property  | Operator   | Value
osVersion | StartsWith | 10.0.22621
Create Windows 11 22H2 Azure AD Device Group – Table 2

You can create or edit rules directly by editing the syntax in the box below. But I always prefer to use the UI as shown below for the 22H2 dynamic group. There are some scenarios where the device properties (e.g. nesting) are not published in the UI property list.

NOTE! – Changes made here may not be reflected in the rule builder. You can directly create or edit a dynamic membership rule by specifying the rule syntax.

(device.deviceOSVersion -startsWith "10.0.22621")
  • Click on the SAVE button to save the query rule.
  • You also have the option to validate the Azure AD query from Validate Rules tab, as shown in the picture. More details are explained in the below section.
Create Windows 11 22H2 Azure AD Device Group Fig. 4

You can now click on the CREATE button to complete the process of creating a Windows 11 22H2 Azure AD dynamic group.

Create Windows 11 22H2 Azure AD Device Group Fig. 5

Validation of Azure AD Dynamic Query Rule for Windows 22H2 Devices

Now, let’s check the Validation of the Azure AD Dynamic Query Rule for Windows 22H2 Devices. You can Validate Rules using the Dynamic Membership Rule tab of Azure AD group property, or you can validate the query from the Dynamic membership rules page as mentioned in the above section.

More details on the Validation of the Azure AD query language process are below.

  • Click on Validate Rules from the Dynamic membership rules page.
  • Add Devices – Select at least two or three devices. Include some devices you think should be part of this group and some that should not be part of it.
  • Check the validation results blade to understand and confirm whether your Azure AD dynamic device group query logic is correct or not.

If the green check mark is there for the devices that must be in the group and the red cross mark against the devices that must not be part of the group, then everything is OK with the dynamic query rule.

Create Windows 11 22H2 Azure AD Device Group Fig. 6

Result

It’s time to check the results of the AAD dynamic device group created for Windows 11 22H2 devices in your Intune/Azure tenant so that you can target applications and policies specific to these devices.

  • Open the Windows 11 22H2 AAD Group.
  • Navigate to the Members tab.
  • Check the 22H2 version devices on the right panel.
Create Windows 11 22H2 Azure AD Device Group Fig. 7
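
The group creation and the membership check in the Result section can also be scripted. The following is an added example, not code from the original post; it assumes the Microsoft Graph PowerShell SDK is installed, and the mail nickname is a made-up value (the API requires one even for security groups).

```powershell
# Added example: create the 22H2 dynamic device group and audit its membership.
# Assumes the Microsoft.Graph PowerShell SDK and an account allowed to create groups.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'Device.Read.All'

# Rule and group name are taken from the post; the mail nickname is an assumed value.
$rule = '(device.deviceOSVersion -startsWith "10.0.22621")'
$name = 'HTMD Windows 11 22H2 Device Group'

$group = New-MgGroup -DisplayName $name -Description $name `
    -MailEnabled:$false -MailNickname 'htmd-win11-22h2-devices' `
    -SecurityEnabled -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'

# Membership is evaluated asynchronously, so run the checks below again later
# if the group is still empty right after creation.

# Devices the rule should match, computed independently from the device list.
$expected = @(Get-MgDevice -All -Property Id, DisplayName, OperatingSystemVersion |
    Where-Object { $_.OperatingSystemVersion -like '10.0.22621*' })

# Devices the dynamic group currently contains.
$actual = @(Get-MgGroupMember -GroupId $group.Id -All)

# Matched by OS version but not (yet) in the group.
$missing = @($expected | Where-Object { $_.Id -notin $actual.Id })

# In the group although the OS version does not match the rule.
$unexpected = @($actual | Where-Object { $_.Id -notin $expected.Id })

'{0} expected, {1} in group, {2} missing, {3} unexpected' -f `
    $expected.Count, $actual.Count, $missing.Count, $unexpected.Count

# List the devices that still need to be picked up by the rule.
$missing | Select-Object DisplayName, OperatingSystemVersion
```

A non-empty `$unexpected` list means policies assigned to this group are reaching devices outside the intended Windows 11 22H2 scope, so review it before assigning anything to the group.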

Author

Anoop C Nair is a Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
