Utilizing Group Templates

I'm not sure how many people saw the new Group Templates feature in our v5.4 release, but I wanted to give it a little extra attention because the potential of the feature is so cool!

 

What is it?

Group Templates allow you to create dynamic groups (either User or Device) so that when you direct-apply an Intune Policy/Profile to a company, any new devices will have the Profile/Policy assigned to them.

It's similar to the Dynamic User and Device Groups you make in Intune, but on a global level.
NOTE: It can only be used for Intune Policies, right now, but there is an enhancement request (Group Templates - Add Functionality – Nerdio Help Center (getnerdio.com)) to expand on that functionality. If you've got the time, please go comment on/up-vote that request. 😉

How Does it Work?

At a high-level, you create your Group Template, apply it to a Policy, and then the policy (and group) are created in Intune using the logic in your Group Template.

What are the Limitations?

Currently, Group Templates can only be utilized in the following locations:

On top of that, Filters can only be applied in the following locations, but there will likely be a separate post about that in the future....

Enough talk, how do I use it?

Okay, okay. Now that we have all of the Whats? and Hows? out of the way, let's get down to how you can use the feature.

Create your Global Template(s)

  1. At the MSP-level of Nerdio, choose Group Templates
  2. Click Add new group template

  3. Enter a Name for the Template
    NOTE: At the time of writing, this name is just a way to identify the template and make it unique.
  4. Choose the Membership Type from the drop-down
  5. Toggle Dynamic Rule (if you're using a dynamic group)
  6. Apply your Dynamic Rule Parameters
  7. Click Next
  8. Create the Naming Template for the Group.
    NOTE: If you click on one of the supplied variables, it will copy it to the Name Template field. However, if you click the Copy icon, it will copy the variable to your clipboard
  9. Click Save & Close


Apply the Group Template to a Policy

Now that you've created a Group Template, you're ready to assign it to a policy.
(see Intune Policy Management at the MSP Level for more info)

  1. Select one of your Intune Policies
    NOTE: Review the What are the Limitations? section for a reminder of which policies can currently utilize the Group Templates feature.
  2. Choose Assign
  3. Click the Add assignments button
  4. Choose the Account(s)
  5. Select to either Add (the policy) or Overwrite (the policy if it exists)
  6. Click Confirm
  7. Select to either Manually sync the policy or Automatically sync the policy to the account when the policy is updated.
  8. Select the Group Template(s) you want to assign the policy
    NOTE: At the time of writing, you can only assign the policy to a single Group Template.
  9. **OPTIONAL**
    Filter the assignment to a subset of the devices
  10. Click Apply and close

    NOTE: You may need to manually Re-publish the policy for it to show-up in Intune if you're impatient like me and don't want to wait for a sync-cycle. 🙂

Check the assignment in Intune

Just because we always like to "trust, but verify", we want to go into Intune to make sure the policy applied.

  1. Logon to the customer's Intune Portal (https://intune.microsoft.com
  2. Open the Policy and check the Assignments
  3. If you want to go the extra mile, you can also check the group membership to verify the group is gathering the correct devices

 

 

Conclusions

Overall, I think the potential for the Group Templates feature is really awesome, but I'd love to hear your use-cases and if you can see the potential use in your customer's environments. 🙂

 

1

Comments (4 comments)

Avatar
Jacob Reinhardt

Great timing to draw attention to this. I 100% could see usefulness, but I am trying to package everything to a policy baseline. The feature request you mentioned doesn't address this so I'll ask here, any plans to add the 3 types that group templates can't be used in? (Policy Baselines, conditional access, and MAM Policies)

0
Avatar
Dave Stephenson

Great question/idea, Jacob Reinhardt!
I'm not sure if it's on the roadmap, yet, or not.
If you post the idea in our NMM Product and Feature Suggestions community, it's more likely that our Product team will see it and be able to answer better than I can.

I'll do my best to answer the question though. 🙂

With a lot of the features in Nerdio, we're limited by what's available to us in the Microsoft Graph API.
Somethings we're able to do by combining multiple Graph API resources together to do what we're wanting. Although with others, we're limited until additional functionality is released by Microsoft. Occasionally, we're limited by our Dev Cycle and how much we can complete before the next release.

At a high level, our Policy Baselines are most similar to an Intune Policy Set. . However, we are able to take it one step further by being able to include items (i.e. Conditional Access Policies) that an Intune Policy Set can't by utilizing multiple GraphAPI calls from the Nerdio Console.
(See Policy sets - Microsoft Intune | Microsoft Learn and screenshot below for more info.)

That being said, if we are able to provide the functionality of applying group templates to a Policy Baseline, I think it would be a great idea! If nothing else, it would give us a consistent user experience throughout the Policy Management section of NMM.  🙂

 

 

0
Avatar
Jacob Reinhardt

Solid additonal info, thank you! I had not understood the overall policy baseline structure had a corresponding object in Intune (Policy Sets). But I am not sure if that is adding up as I've assigned a policy baseline to a tenant, and I see no Policy Sets in my Intune manager. Is there something I'm not seeing ?Below shows no policy sets in a tenant that has had a policy baseline applied.

 

Either way, I definitely hope to see policy baselines added to the list of group templates in the future (see feature request at Add Group Template Assignment for Policy Baselines, Conditional Access Policies, and MAM Policies. – Nerdio Help Center (getnerdio.com)).

1
Avatar
Dave Stephenson

Thanks, Jacob. 🙂

Sorry, I probably wasn't too clear. Our Policy Baselines feature is "most similar" to the Intune Policy Sets, however it isn't an exact clone.
I was just using it as an example of how we took native Microsoft functionality, enhanced it, and made it our own. 🤓
We're not able to utilize the Intune Policy Sets because they don't allow the combining of Intune Policies with Conditional Access policies (which we're able to do with our Policy Baselines).
Hopefully that makes a little more sense?

Thanks for posting your idea in the Product and Features forums.
I'm sure other partners would like to see the same features to be added.

1

Please sign in to leave a comment.