A year ago, Apple announced a new method of iOS/iPad device enrolment which is called User Enrollment. This enrolment method is available in iOS 13 and macOS 10.15 Catalina and later OS.
With the availability of user enrolment from Apple, we can use Intune to enroll iOS and iPadOS devices using Apple's User Enrolment process.
Following are the 3 device enrolment types available.
For more information about user enrollment in Intune, please refer to https://docs.microsoft.com/en-us/mem/intune/enrollment/ios-user-enrollment?
After you create an enrolment profile, assign to a user group and enroll the devices, you may need to identify the list of devices that use a specific enrolment profile for reporting purpose.
In my tenant, I have created 3 different enrollment types and assigned them to various user groups based on the requirement.
Now how do we know devices that are are enrolled using particular enrollment type?
We can use Azure Active Directory dynamic membership group with an enrollment profile name.
Azure Active Directory (Azure AD) helps you to create complex attribute-based rules to enable dynamic memberships for groups.
To create dynamic Azure AD group for specific enrollment profile, follow the steps below.
- Login to https://aad.portal.azure.com/ or https://endpoint.microsoft.com/
- Click on Azure Active Directory, click on Groups
- Click on create a new group, give it a name, description and for membership rule, choose Dynamic Device, click on add dynamic query
4. Configure the values as per below.
Value should be the enrollment type name that you created above.
5. Click on save and create
The group will now start processing the changes and fetch the devices that match the specific enrollment type.
Like wise, you can create several azure AD dynamic groups based on the attributes available and used in intune.
For a list of pre-defined rules and device attributes that can be used in dynamic groups, please refer