Managed IT provider | San Francisco | LookingPoint

Step-by-Step Guide: Creating Device Groups in Microsoft Entra ID

Written by William Panameno | Oct 8

Managing large numbers of devices in Microsoft Entra ID is easier when you organize them into groups. These groups can be used for applying policies, deploying apps, and managing access through Intune or other Microsoft services.Here’s a quick step-by-step guide to get you started:

 

Step 1: Sign in to Microsoft Entra Admin Center

 

Step 2: Go to “Groups”

  • In the left-hand menu, select Groups
  • Then click All groups
  • Click + New group

 

Step 3: Choose Group Type

In the dropdown menu, you will see two options:

  • Assigned
  • Microsoft 365
  • Group type: Choose Security
    - Security groups are used to assign policies and permissions to devices.
  • Group name: Give your group a clear, descriptive name (e.g., HR Devices, Windows Laptops)
  • Group description: Optional, but helpful for documentation

 

Why NOT to choose the Microsoft 365 group option:
Microsoft 365 groups are designed mainly for collaboration scenarios (like shared mailboxes, calendars, and Teams). They are not optimized for device management or policy assignment. Using Security groups instead ensures you can properly apply device policies, compliance rules, and access controls through Intune and Entra ID without confusion or unnecessary overhead.

 

Step 4: Set Membership Type

You have two choices:

Assigned

  • Traditional way where you manually add devices to the group.

Dynamic User (Although, MSFT constantly changes terminology so it may differ)

  • Devices are automatically added based on rules (like OS type, name, or ownership)
  • Click Add dynamic query

 

Step 5: Add Group Owner

  • Click the hyperlink “Add Owner” and select the user(s) who will “Own” this group. An owner has the power to add/remove and make changes to this group.

 

Step 6: Create a Dynamic Query

Click on “Create Dynamic Query” and you will see the screen in screenshot below.

On this screen, you can see the parameters as to what device types your Group will contain.

  • Property = What info about the user/device do I want to check?
  • Operator = What kind of match am I looking for?
  • Value = What specific value do I want to match?

In our example above, we want to query any user/device that are using Windows machines.

NOTE:

For dynamic groups, devices will be added automatically based on your rules (within a few minutes).

If you chose to stick the traditional way of “Assigned”, you will have to manually add devices to the newly created group.

 

Step 7: Create the Group

  • Review your settings
  • Click Create

 

Your device group is now ready! Now that your group exists, you can:

  • Assign Intune policies or compliance rules
  • Deploy apps
  • Restrict or allow access to resources
  • Filter conditional access policies

 

And there you have it! I hope this has been informative for you, and that you now feel more confident in implementing device groups in Entra ID. As a final note, always keep in mind that Microsoft is constantly changing its terminology and the GUI appearance, so your specific experience may differ slightly from what's shown here.

As always if you have any questions on your environment configuration and would like to schedule a free consultation with us, please reach out to at sales@lookingpoint.com and we’ll be happy to help!

 

 
View full post