Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Microsoft Intune Cookbook

You're reading from   Microsoft Intune Cookbook Over 75 recipes for configuring, managing, and automating your identities, apps, and endpoint devices

Arrow left icon
Product type Paperback
Published in Jan 2024
Publisher Packt
ISBN-13 9781805126546
Length 574 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Andrew Taylor Andrew Taylor
Author Profile Icon Andrew Taylor
Andrew Taylor
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Chapter 1: Getting Started with Microsoft Intune FREE CHAPTER 2. Chapter 2: Configuring Your New Tenant for Windows Devices 3. Chapter 3: Securing Your Windows Devices with Security Policies 4. Chapter 4: Setting Up Enrollment and Updates for Windows 5. Chapter 5: Android Device Management 6. Chapter 6: iOS Device Management 7. Chapter 7: macOS Device Management 8. Chapter 8: Setting Up Your Compliance Policies 9. Chapter 9: Monitoring Your New Environment 10. Chapter 10: Looking at Reporting 11. Chapter 11: Packaging Your Windows Applications 12. Chapter 12: PowerShell Scripting across Intune 13. Chapter 13: Tenant Administration 14. Chapter 14: Looking at Intune Suite 15. Index 16. Other Books You May Enjoy

Creating Entra ID static groups

Now that our new user has been configured, we need a way to assign our policies to them and any machines they may use. For this, we need to configure Entra ID groups, which come in two flavors – static and dynamic.

If you are familiar with traditional Active Directory groups, these are very similar, except they include dynamic groups, where a group is populated automatically based on a particular query or filter that has been configured.

Getting ready

First, load the Entra portal, expand Groups, and click on All Groups (you can also access groups within the Intune portal, which loads the same window).

How to do it…

A static group is pretty straightforward to use – you manually add either users or devices to it:

  1. Click on New Group and enter the necessary details. Set Group type to Security and enter Group name and Group description values. If you want to be able to assign roles directly to the group instead of at the user level (for example, you want a group of Intune administrators), change the setting to Yes. Set Membership type to Assigned. Optionally, add any members and an owner to manage the group. Then, click Create.
  2. Once your group has been created, click on it to look at some of the other actions you can take against it. You can also get an overview of the group membership, as well as the group ID:
Figure 1.7– Entra ID group menu

Figure 1.7– Entra ID group menu

Members and Owners are pretty self-explanatory. Administrative units is a useful feature if you want to delegate within your environment. Say, for example, you want your service desk to be able to perform tasks on a particular group of users – you can create an administrative unit and assign users and groups to it. You can then configure a custom Azure role with specific access only to that administrative unit. Group memberships is for nested groups. Clicking the Licenses option allows you to assign a license at a group level rather than directly to the users. If you selected Yes earlier, you can also assign Azure roles to the group in the Azure role assignments menu.

With that, you have created a static Microsoft Entra group.

Automating it

Creating this PowerShell script will automate your Entra group creation process, which will be useful when you need to bulk-create groups during your tenant management.

This is a fairly easy one to automate:

  1. As usual, we need to start with the variables:
    $groupname = "TestGroup123"
    $groupdescription = "TestGroupDescription"
  2. Convert the group name into lowercase and remove any special characters so that we can use it as the mail nickname:
    $groupnickname = ($groupname -replace '[^a-zA-Z0-9]', '').ToLower()
  3. Set the URL. Here, we are using the Groups subsection of Graph:
    $uri = "https://graph.microsoft.com/beta/groups/"
  4. Populate the JSON. We do not need mail for this group as it is for Entra ID and Intune membership only and it is a security group, so we need to pass this through:
    $json = @"
    {
        "description": "$groupdescription",
        "displayName": "$groupname",
        "mailEnabled": false,
        "mailNickname": "$groupnickname",
        "securityEnabled": true
    }
    "@
  5. Send the command to create the group:
    Invoke-MgGraphRequest -Uri $uri -Method Post -Body $json -ContentType "application/json"

    This can also be completed by using the New-mgGroup module and passing variables through if required.

You now have a script to create your static Entra groups automatically.

You have been reading a chapter from
Microsoft Intune Cookbook
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781805126546
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime