How To Create and Usages of Microsoft Endpoint Manager (MEM) Device Filters

MEM device filters finally came out of preview to General Availability (GA) and lets see why we need to use device filters.



What Device Filters Does?

This helps the Endpoint Manager policies to apply in a more targeted manner. This feature is similar to the setting up targeted GPO assignments or probably GPO loopback processing. This eliminates having to create many groups to manage policies when required.

Device Filters has 2 types – Inclusions and Exclusions

Inclusions ✅- Apply the policy to all the devices in the inclusion filter, but not to others

Exclusions ❌ – Apply the policy to all the devices excluding the devices in the filter


An example related to User Group and Device Filters

If you have a MEM policy that needs to be assigned to the users, that means when the user logs on to a AAD or Hybrid AAD joined device, the policy will be in play. But you may have a group of trusted devices that you don’t want the MEM policy to be applied then the user logs in. You can simply use an exclude filter to achieve that



How to create a Filter?

  • Press the Preview Devices to see the captured devices under this policy
  • Press Next and Create to finalise the Filter creation


How to apply a device filter?

  • Create the Microsoft Endpoint Manager policy as usual – Let’s create a test policy
  • https://endpoint.microsoft.com/ > Devices > Configueration Profiles > Create Profile

Make sure you complete the policy with the necessary config and press Next to Assignments

Select your devices group

Click on Edit Filter

Select the setting whether the devices should be Included ✅ or Excluded ❌ from the policy (In this section I have selected the inclusion)

Select the Filter from the previously created Filters list and press Select

Now you can see the see the Assignment have changed as below for the Filter Mode



Final Words

This is a great modern feature to target the devices you need without creating more groups that eventually can go out of hand and unable to manage.












Feature image: Icon vector created by starline – www.freepik.com

Advertisement

One thought on “How To Create and Usages of Microsoft Endpoint Manager (MEM) Device Filters

  1. Pingback: How To Map a Shared Drive Using Microsoft Endpoint Manager instead of GPOs – Shehan Perera [techBlog]

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.