This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 37%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Hey all,
I work for an IT dept at a University. On my campus we have a space for College Faculty as well as Adjuncts. For that particular College, there is a department printer. Through Intune, I have a .ps1 that adds the department printer to any PC that is domain-named for that space.
The space is [loc]36#-D##
Any desktop located in the 36# area.
I'm having issues with locations that are in the 36* space that are in offices that contain a letter in the location, so like [loc]36#A-D## or [loc]36#F-D##
Desktops that are named "-D##" that do not have a letter involved are added to the dynamic group, but locations that have a letter after [loc]36. are not included.
Example: [loc]362-D01 is included in the group, [loc]360-D01 is included in the group, but [loc]360A-D01 is not.
This is my filter: (device.deviceOwnership -eq "Company") and (device.displayName -match "LOC36.-D.)
The wildcards on -match should be "." but in the validation the PCs I'm looking to add (in Entra) are not getting into the group.
I'm looking to include any endpoint that is named: LOC36.-D. but it doesn't seem to translate
Are there any filter tips to get me where I'm going?
I've already tried:
(device.deviceOwnership -eq "Company") and ((device.displayName -startsWith "LOC36") and (device.displayName -contains "-D")) but that didn't validate...
the markdown removed the period followed by an asterisk and made it italic instead but the period-star is what I have in my filter.
follow up: the issue might be the device ownership being Company (before Intune enrollment) so I'll need to visit each PC physically to see if the desktop has an actual user, or is just old data in Entra...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Jon Resele, Thanks for posting in Q&A.
For your issue, please ensure the dynamic rule syntax is correct, and you can validate it follow the link below.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-validation
The official documentation also points out that you should reduce the use of Contain and Match as much as possible to achieve better results.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-rule-more-efficient
Also, you can consider change the displayName and ownership to an easy one or consider the Consider other device attributes for filtering
Here is a link containing the device attributes that you can refer to.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#rules-for-devices
Hope above information can help you, if there is any update, feel free to let me know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
(device.displayName -match "LOC36.-D.") and (device.deviceOwnership -eq "Company")
The offices that were not validating look like they were not being seen as Corporate devices, so it looks like I need to go around and visit them to see their statuses.
@Jon Resele, Thanks for your reply.
Please check what you mentioned and feel free to let me know if there is any update.