Filter out devices based on join type in Intune

This week we had an update on filters in Intune. Finally we can also filter on domain join type. This filter is useful when having different configurations for AAD joined computers and Hybrid Azure AD Joined computers.

How to setup the filter

1. Open Intune Portal
2. Select Tenant Administration / Filters
3. Select + Create, to create a new filter

4. Enter a suitable name and select the Platform: Windows 10 and later and Next

5. Select Property: deviceTrustType Operator: Equals Value: Hybrid Azure AD Joined and Next and Create

How to filter out devices in Intune

1. Open Intune Portal
2. Select Devices / Configuration Profiles
3. Open an existing Configuration Profile that you do not want to apply on Hybrid Azure AD Joined Computers
4. Edit the Assignments of the Configuration Profile
5. Select Edit Filter
6. Select Exclude filtered devices in assignment and add your filter

7. Select Review + save

Now your Configuration Profile only apply on Non Hybrid Azure AD Joined Devices. They are filtered out.

Extra tip: How to filter in devices in Intune

1. Open Intune Portal
2. Select Devices / Configuration Profiles
3. Open an existing Configuration Profile that you do want to apply on Hybrid Azure AD Joined Computers
4. Edit the Assignments of the Configuration Profile
5. Select Edit Filter
6. Select Include filtered devices in assignment and add your filter

7. Select Review + save

Now this Configuration profile will apply on all devices but only if they are Hybrid Azure AD Joined. They are filtered in!

About The Author