001: Filters
Overview
When you create a policy, you can use filters to assign a policy based on rules you create. A filter allows you to narrow the assignment scope of a policy. For example, use filters to target devices with a specific OS version or a specific manufacturer, target only personal devices or only organization-owned devices, and more.
Filters are available for:
Devices enrolled in Intune, which are managed devices.
Apps that are managed by Intune, which are managed apps.
Managed apps are used in mobile application management (MAM) scenarios. MAM involves managing apps on devices that aren't enrolled in Intune, which is common with personally owned devices. For more information on MAM in Intune, go to What is Microsoft Intune app management?.
You can use filters in the following scenarios:
Deploy a Windows device restriction policy to only the corporate devices in the Marketing department, while excluding personal devices. Deploy an iOS/iPadOS app to only the iPad devices in the Finance users group. Deploy an Android mobile phone compliance policy to all users in the company, and exclude Android meeting room devices that don't support the mobile phone compliance policy settings. On personally owned devices, deploy an app configuration policy for a specific app manufacturer or an app protection policy that runs a specific OS version. Filters include the following features and benefits:
Improve flexibility and granularity when assigning Intune policies and apps. Are used when assigning apps, policies, and profiles. They dynamically target managed devices based on device properties and target managed apps based on app properties you enter. Can include or exclude devices or apps in a specific group based on criteria you enter. Can create a query of device or app properties based on different properties, like device platform or application version. Can be used and reused in multiple scenarios in "Include" or "Exclude" mode.