Once you start treating Windows 11 as a different deployment ring than Windows 10, you’ll need a clean way to scope policies, applications and Conditional Access to “all Windows 11 devices in the tenant” — without manually maintaining a static group. The good news is that Entra ID supports dynamic device groups with rich rule syntax, and you can target Windows 11 by OS version, build number or device-category attribute with a single line of dynamic-membership rule. This post lays out the membership rules I use in production tenants, with examples for Windows 11 21H2 through 23H2 and beyond.
With Windows 11 widely deployed across enterprise estates, you might want to test configurations or apps specifically on Windows 11 devices. For that testing you need a group in Microsoft Entra ID. In this blog I want to show you how to create a dynamic group that contains all Windows 11 devices. I also want to show you how to create a device filter for Windows 11.
Read More »