This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 98%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Automatic User Group Assignment in Intune for Autopilot Deployments
The deployment of 3,000 Windows devices in Intune has been completed, with Office apps assigned to device groups. However, there are occasional failures occurring at the Enrollment Status Page (ESP). The current plan is to deploy Office apps to user groups instead and to skip the ESP's "Account Setup" stage.
Is there a way to automatically add users to a new group if they initiate a new Autopilot deployment?
I would start by addressing the failures during the Autopilot provisioning process first. Skipping ESP is not the solution for failures. As for the question around office assignment is concerned, you cannot create a group the way you want dynamically using native functionality in Entra. Although I don’t really understand the approach here. If you want office to install after a user logs in then just assign to a user based group. If you are concerned about devices other than autopilot provisioned receiving the policy then just use a device filter and scope the to autopilot enrolled profile assigned devices.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Sanjeev Kumar, Thanks for posting in Q&A. Based on checking the rule property, I find there's no attribute to create user group who initiate an Autopilot enrollment.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership
Agree with Rahul Jindal [MVP], you can use Intune filter to do it. You can create a filter with enrollmentProfileName set as the Autopilot enrollment profile. When deploy office to user group add this filter to only apply to these devices.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters-device-properties
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Sanjeev Kumar, Hope the above information can help. If there's anything else we can help, feel free to let us know.