NetCollege

Create a dynamic group for Windows 11 devices in Entra ID

Cloud & Azure | Published 2026-04-16 | By NetCollege Team

Summary: Create an Entra dynamic device group named All Windows 11 Devices using device version and OS type rules.

Goal

Create a dynamic device group in Microsoft Entra ID named All Windows 11 Devices.

Create the new group

In the Microsoft Entra admin center, go to:

  • Groups
  • All groups
  • New group

Then set:

  • Group type -> Security
  • Group name -> All Windows 11 Devices
  • Membership type -> Dynamic Device

Image - new group creation page

New group creation page in Entra

Add the dynamic membership rule

Open Dynamic membership rules and use this rule logic:

(device.deviceOSVersion -startsWith "10.0.2") and (device.deviceOSType -eq "Windows")

This matches Windows devices where the OS version begins with 10.0.2.

Image - dynamic membership rules

Dynamic membership rule using OS version and OS type

Validate the rule

Use Validate Rules and test with:

  • A Windows 11 PC (should match)
  • An iPhone (should not match)

Confirm the evaluation result before saving the group.

Image - validate rules with Windows 11 PC and iPhone

Rule validation with Windows 11 PC and iPhone

Result

After saving, the All Windows 11 Devices group will automatically maintain membership based on your dynamic rule.

Frequently asked questions

Why use a dynamic group for Windows 11 devices?

A dynamic group updates membership automatically as devices are added or changed, so you do not need to manage members manually.

What rule is used in this example?

The rule uses a device version that starts with 10.0.2 and device OS type equal to Windows.

Can I validate the rule before saving?

Yes. You can use the Validate Rules option and test with known devices, such as a Windows 11 PC and an iPhone, to confirm expected behavior.

← Back to category