
Entra ID mehrere Gruppen mit Powershell anlegen

Mai 11, 2024

  • Dynamische Geräte Gruppe Windows Entra Joined
  • Dynamische Geräte Gruppe Windows Entra Registered
  • Dynamische Geräte Gruppe macOS Company
  • Dynamische Geräte Gruppe macOS Personal
  • Dynamische Geräte Gruppe iOS Personal
  • Dynamische Geräte Gruppe iOS Company
  • Dynamische Geräte Gruppe Android Registered
  • Dynamische macOS Gruppe Automatic device enrollment
  • Dynamische Windows Autopilot Gruppe
  • Dynamische Benutzergruppe mit gültiger Microsoft 365 Lizenz (ausgenommen .onmicrosoft.com Konten)
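# Creates the dynamic security groups listed above in Entra ID using the AzureAD
# PowerShell module (New-AzureADMSGroup).
#
# Sign in with the least-privileged role that may create groups (e.g. Groups
# Administrator) rather than a Global Administrator account.
# NOTE(review): the AzureAD module is deprecated in favour of Microsoft Graph
# PowerShell; the cmdlet names are kept as on the original page.
#
# Membership-rule syntax: boolean operators are written -and / -or / -not.
# The original page used bare "and"/"or" in several rules, which the rule
# validator rejects; those rules are corrected below.

# Stop on the first failing cmdlet instead of silently continuing with the
# remaining groups (a half-created set of groups is hard to reason about).
$ErrorActionPreference = 'Stop'

Connect-AzureAD

function New-DynamicSecurityGroup {
    <#
    .SYNOPSIS
        Creates one dynamic, security-enabled, mail-disabled group unless a
        group with the same display name already exists.
    .PARAMETER Name
        Display name; also used as the mailNickname (must contain no spaces).
    .PARAMETER Description
        Free-text description shown in the portal.
    .PARAMETER Rule
        Entra dynamic membership rule; processing state is switched to "On".
    .OUTPUTS
        The existing or newly created group object.
    #>
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Description,
        [Parameter(Mandatory)] [string] $Rule
    )

    # Idempotency: re-running the script must not create duplicate groups
    # (display names are not unique in Entra ID). The name is embedded in an
    # OData filter, so a literal single quote has to be doubled.
    $filterName = $Name -replace "'", "''"
    $existing = Get-AzureADMSGroup -Filter "DisplayName eq '$filterName'"
    if ($existing) {
        Write-Warning "Group '$Name' already exists - skipping."
        return $existing
    }

    $group = New-AzureADMSGroup -DisplayName $Name `
        -Description $Description `
        -MailEnabled $false `
        -MailNickname $Name `
        -SecurityEnabled $true `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $Rule `
        -MembershipRuleProcessingState 'On'

    Write-Host "Created group '$Name'."
    # Short pause between creations, as on the original page (throttling).
    Start-Sleep -Seconds 3
    return $group
}

# Rules are written in single-quoted PowerShell strings so the inner double
# quotes of the rule language need no doubling.
$groups = @(
    @{
        Name        = 'SG_Devices_Windows_10_Azure-joined'
        Description = 'Alle Win10 Geräte, die in der MDM Verwaltung sind und in die Azure Domäne gejoined sind'
        # NOTE(review): Windows 11 also reports deviceOSVersion 10.0.x, so this
        # rule matches Windows 11 devices as well - confirm that is intended.
        Rule        = '(device.DeviceOSType -in ["Windows","Windows 10 Pro","Windows 10 Enterprise"]) -and (device.deviceOSVersion -startsWith "10.0") -and (device.managementType -eq "MDM")'
    }
    @{
        Name        = 'SG_Devices_Windows_10_Azure-registered'
        Description = 'Beschreibung: Alle Win10 Geräte, wo ein das Unternehmenskonto hinterlegt ist (die aber nicht durch das MDM verwaltet werden)'
        # No managementType check here: MDM-managed devices are also members
        # of this group, not only registered ones - confirm that is intended.
        Rule        = '(device.DeviceOSType -in ["Windows","Windows 10 Pro","Windows 10 Enterprise"]) -and (device.deviceOSVersion -startsWith "10.0")'
    }
    @{
        Name        = 'SG_Devices_iOS_MDM'
        Description = ' Alle iOS Geräte die von MDM verwaltet werden'
        # Relies on MDM-enrolled iOS devices reporting "iPad"/"iPhone" while
        # merely registered ones report "iOS" (see SG_Devices_iOS_Azure-registered).
        Rule        = '((device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone"))'
    }
    @{
        Name        = 'SG_Devices_iOS_MDM_Company'
        Description = 'Alle iOS Geräte die von MDM verwaltet werden (Unternehmensgeräte)'
        Rule        = '(device.managementType -eq "MDM") -and (device.deviceOwnership -contains "Company") -and ((device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone"))'
    }
    @{
        Name        = 'SG_Devices_iOS_MDM_Personal'
        Description = ' Alle iOS Geräte die von MDM verwaltet werden (Private Geräte)'
        Rule        = '((device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone")) -and (device.deviceOwnership -contains "Personal")'
    }
    @{
        Name        = 'SG_Devices_iOS_Azure-registered'
        Description = 'Alle iOS Geräte die im Azure registriert sind als bekanntes Gerät (aber nicht durch MDM verwaltet werden)'
        Rule        = '(device.deviceOSType -eq "iOS")'
    }
    @{
        Name        = 'SG_Devices_Android_Azure-registered'
        Description = 'Alle Android Geräte die im Azure registriert sind als bekanntes Gerät (aber nicht durch MDM verwaltet werden)'
        Rule        = '(device.deviceOSType -eq "Android")'
    }
    @{
        Name        = 'SG_Devices_MacOS_MDM_Personal'
        Description = 'Alle Personal MacOS Geräte, die vom MDM verwaltet werden'
        Rule        = '(device.managementType -eq "MDM") -and (device.deviceOwnership -contains "Personal") -and (device.deviceOSType -eq "macMDM")'
    }
    @{
        Name        = 'SG_Devices_MacOS_MDM_Company'
        Description = 'Alle Company MacOS Geräte, die vom MDM verwaltet werden'
        Rule        = '(device.managementType -eq "MDM") -and (device.deviceOwnership -contains "Company") -and (device.deviceOSType -eq "macMDM")'
    }
    @{
        Name        = 'SG_Devices_MacOS_MDM'
        Description = 'Alle MacOS Geräte, die vom MDM verwaltet werden'
        Rule        = '(device.deviceOSType -eq "macOS" -or device.deviceOSType -eq "macMDM") -and (device.managementType -eq "MDM")'
    }
    @{
        Name        = 'SG_Devices_MacOS_ADE'
        Description = 'Automatic device enrollment'
        # Matches the enrollment profile name configured in Intune - keep in sync.
        Rule        = '(device.enrollmentProfileName -eq "macOS_ADE")'
    }
    @{
        Name        = 'SG_Devices_Windows10_11_Autopilot'
        Description = 'Geräte die mittels Autopilot deployed werden'
        Rule        = '(device.devicePhysicalIDs -any _ -contains "[ZTDId]")'
    }
    @{
        Name        = 'SG_User_Licensed_All'
        Description = 'Alle User mit einer gültigen Office Lizenz (keine Exchange Plan)'
        # -notMatch takes a regular expression: the original "^*.onmicrosoft.com"
        # is not a valid "ends with" pattern, so the suffix is escaped and anchored.
        Rule        = '(user.assignedPlans -any ((assignedPlan.service -match "MicrosoftOffice") -and (assignedPlan.capabilityStatus -eq "Enabled"))) -and (user.userPrincipalName -notMatch "\.onmicrosoft\.com$")'
    }
)

foreach ($definition in $groups) {
    New-DynamicSecurityGroup @definition
}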