Configure Device Group Mapping in Microsoft Intune
Everyone that has worked with Microsoft Intune up until recently know that when users enroll their BYOD devices, even non-staged CYOD, their device would end up in the Ungrouped Devices group. This manual process of grouping the devices has now finally been addressed and in the March 2016 release of Microsoft Intune, we can now let users decide what group their devices should be a member of, by enabling the Device Group Mapping feature. This should be enabled with caution though, since the responsibility is put on the user to select what they think is the most suitable role, department or whatever you name the mapped rules. Device Group Mapping works like the following, you enable it, create you groups if necessary and then configure the rules that controls the mapping. In this post, I’ll walk you through the process of configuring this and show you how the end user experience will look like.
Enable Device Group Mapping
To enable this new feature, login to your Microsoft Intune tenant and go to the Admin workspace.
1. In the Admin workspace, select Device Group Mapping under Mobile Device Management.
2. Click on the slider to enable Device Group Mapping.
3. Click Save.
4. If you already have the desired groups to create mapping to, skip the step to create device groups. However, for the purpose of demonstration, I’ll create an IT Department group and later on map that against a rule that I’ll call IT Department. Click on Create Device Group.
5. Give the device group a name, and select the parent group. Click Next.
6. In this scenario, I only want to create a device group for Mobile Devices and I want it t be empty. Click Next.
7. For this scenario, I don’t want to add any direct memberships, therefor click Next.
8. Finally on the Summary page, click Finish.
9. You’ll now be directed to new group that we’ve created.
10. Go back to the Admin workspace and select Device Group Mapping (this is why we selected Save earlier before we did any actual configuration, so we don’t have to enable it again). Click on Add to create a rule mapping.
11. In the Add device group mapping rule window that appears, enter the category (the name that will be presented to the end user to select from) and select the desired group to be mapped with the category. In this scenario, I’ll name the category IT Department and select my newly created group, called IT Department. Click OK.
12. We can now see the new rule that we’ve created. Click on Save.
You’ve now successfully configured Device Group Mapping in your tenant. You should probably come up with a naming convention that match with your organizations needs in terms of categories that will be presented to users.
End user experience
How will this translate into the enrollment experience for end users that use the Company Portal app to enroll their device? A new step is introduced right at the end of the enrollment process, where the user have to select a category. This looks like below:
You may already have asked yourself, what about already enrolled devices, will they also get this option to select a category? The answer is, Yes (when they open the Company Portal app for the first time after this feature have been enabled in your tenant). I’d really recommend that you enable this new feature if you have the need to automatically add devices into various groups in order to have granular policy deployments for different types of devices, or even departments.
Chief Technical Architect and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences and user groups.