This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 15%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Hi All,
I need your kind support in advising me on the below questions,
Please suggest if it is possible
The grouping for TPM is inventory based and there is no attribute available in Entra ID by default that you can use out of the box for creating a group. However, you can leverage Graph to pull the information and create a group based off that. As for blocking enrolment to Intune, if the devices are already in Entra ID, then you can try creating an Entra ID group based off model in question and assign custom platform restriction policy for blocking enrolment in Intune to this very same group. Enrolment in Entra cannot be restricted based on the model. It can however be restricted based on a list of users.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@karthik palani, Thanks for posting in Q&A.
Agreed with @Rahul Jindal [MVP], currently, there is no such properties in Microsoft Entra that can query TPM 1.2 and above machines to the M365 group. As for blocking specific devices enrolling in Intune, you can create a dynamic group refer the link below and create a custom platform restriction policy.
https://www.prajwaldesai.com/intune-device-enrollment-restrictions/
Non-official, just for reference.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#rules-for-devices
Hope it can help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@karthik palani, Hope things going well.
If there is any update, feel free to let me know.
@karthik palani, Hope you have a nice day.
I am kindly following up to see if you have any remaining questions or concerns for this issue. Please note that we are always standby to support. Please feel free to reach us if any questions or concerns you may have.