Feature Request - Group Templates - Ability to add Dynamic Membership Rules via Rule Syntax (Completed)

We push and utilize Dynamic Groups to *all* our managed tenants and use them significantly with Intune to target devices and users in specific ways.

Our most used Dynamic Membership Rule uses the syntax "device.devicePhysicalIds -any (_ -contains "[ZTDID]")", which targets all Autopilot devices, and yet it is not possible to enter this via the current interface; it has to be added via the Rule Syntax Editor in the Entra\Intune Portal.

I propose that the current implementation is updated to match the Microsoft portal that allows for editing Rule Syntax to allow this enhanced functionality of Dynamic Groups.


3

Comments (16 comments)

0
Dave Stephenson

Welcome to the community, Tim Welch 🙂!

Awesome idea!

There are a few other ideas around Group Templates and this fits in perfectly with those.

Out of curiosity, how often are you finding you need to do the custom rule syntax/text box vs using the wizard for the Dynamic Groups you're creating?

1
James Knorpp

Great call. Dynamic memberships are a real "pain". I would like to see this for dynamic security groups and dynamic distribution groups. A GUI implementation of the latter is a real game changer but I would settle for the former at least. I understand the rule syntax may not be a true GUI but if we can parse that out to a logical fill in the values for existing rules or a box where we can edit the current syntax and have Nerdio run the appropriate PS scripts in the back end, then GREAT.

1
Tim Welch

Hi Dave Stephenson - I currently provision all our Dynamic Groups via PowerShell with Microsoft Graph but this isn't really scalable to team members that aren't PowerShell proficient. 
It would be great if I could recreate what I currently provision in PowerShell with Group Templates and have a baseline that pushes them to all customers.

It's fair to say I never use the wizard.
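
The PowerShell and Microsoft Graph provisioning described in this comment, written out for the Autopilot rule from the original post. This is an added example, not code from the thread or from Nerdio; the tenant IDs and the group display name are placeholders, and the script assumes the Microsoft.Graph.Groups module and an account allowed to consent to `Group.ReadWrite.All` in each tenant.

```powershell
#Requires -Modules Microsoft.Graph.Groups
# Added example: idempotently push one dynamic device group to several tenants.
$TenantIds = @('<tenant-id-1>', '<tenant-id-2>')   # placeholders, not real tenants
$GroupName = 'Devices - Autopilot (example)'       # hypothetical naming convention
# Single quotes keep the rule's inner double quotes and brackets literal.
$Rule      = 'device.devicePhysicalIds -any (_ -contains "[ZTDID]")'

function Set-DynamicDeviceGroup {
    param([string]$DisplayName, [string]$MembershipRule)

    # Escape apostrophes so the display name cannot break the OData filter.
    $safeName = $DisplayName -replace "'", "''"
    $existing = @(Get-MgGroup -Filter "displayName eq '$safeName'" `
                              -Property 'id,displayName,groupTypes,membershipRule')

    if ($existing.Count -gt 1) {
        throw "More than one group named '$DisplayName'; resolve manually."
    }
    if ($existing.Count -eq 0) {
        $params = @{
            DisplayName                   = $DisplayName
            MailEnabled                   = $false
            MailNickname                  = [guid]::NewGuid().ToString('N').Substring(0, 10)
            SecurityEnabled               = $true
            GroupTypes                    = @('DynamicMembership')
            MembershipRule                = $MembershipRule
            MembershipRuleProcessingState = 'On'
        }
        New-MgGroup @params | Out-Null
        return 'Created'
    }
    $group = $existing[0]
    # Never convert an assigned (static) group that only happens to share the name.
    if ($group.GroupTypes -notcontains 'DynamicMembership') {
        throw "'$DisplayName' exists but is not a dynamic group; not touching it."
    }
    if ($group.MembershipRule -eq $MembershipRule) { return 'Unchanged' }
    # Rule drifted from the baseline: put it back and keep processing on.
    Update-MgGroup -GroupId $group.Id -MembershipRule $MembershipRule `
                   -MembershipRuleProcessingState 'On'
    return 'Updated'
}

foreach ($tenant in $TenantIds) {
    Connect-MgGraph -TenantId $tenant -Scopes 'Group.ReadWrite.All' | Out-Null
    $result = Set-DynamicDeviceGroup -DisplayName $GroupName -MembershipRule $Rule
    [pscustomobject]@{ Tenant = $tenant; Group = $GroupName; Result = $result }
    Disconnect-MgGraph | Out-Null
}
```

Graph rejects a syntactically invalid rule at create or update time, so a failed call for one tenant surfaces as a terminating error rather than a silently empty group.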

0
Dave Stephenson

Thanks James and Tim.

You both bring up great points.
Having a GUI/Wizard experience to automatically apply Dynamic Groups (from a template) makes it so much easier to bring on new staff without needing them to have an advanced degree in Microsoft Graph/PowerShell or (even worse) run the risk of them configuring something wrong or forgetting to do something.

I know we don't have Microsoft 365 Group Types in our Group Templates right now.
If we add that type, would that meet your use-case, James Knorpp, or are you needing actual Dynamic Distribution Lists/Groups?

0
James Knorpp

Dave Stephenson

I am ALWAYS looking for a better way to manage dynamic distribution groups. Microsoft seemingly abandoned the idea of a GUI for this years ago. I would envision something like the Entra interface for creation of dynamic security groups where I can select the parameter, select the condition, and the value.

I know we can't get everything in the drop down menus, but the ability to update the conditions like we do for Dynamic security groups would be wonderful. I can do this in PowerShell but a lot of my people cannot and that puts undue burden on those that can.

1
Dave Stephenson

From what I can see in the Azure Portal, it should be possible to include M365 Groups as an option.

If the API connection supports it as well, we could put it on the backlog of features to add.

I'm not sure if we can do the same free-form Rule Syntax box just because it would take a lot of work to get the error handling and validation within the NMM interface, but the GUI/Wizard interface could be a good first step.

Another possibility would be to handle it like we do for our Policy Management and allow dynamic groups to be imported from a Source tenant.
That way, your team could build out everything the way you like it, import it, and then turn that into your dynamic group templates.
Ooo. So many possibilities here.

Loving the discussion!
Keep it coming. 😎

0
Aidan Kieffer

I like this idea of importing a dynamic group to be used in other accounts at the MSP level! I think this would potentially tackle the error handling concern as well as be a gem for multi tenant management with similar devices/policies across customers!!!

Maybe this question doesn't belong here so let me know:
Is there a limitation that requires the creation of a new dynamic group per policy assigned with the same group template? Or is it a matter of popular workflow?
I tend to make a single dynamic group in Intune and apply many policies to it.

0
Dave Stephenson

Welcome to the community, Aidan Kieffer 🙂!

Right now, it's a 1:1 relationship between a Group Template and a Policy.
We've had a lot of partners express an interest in a 1:N relationship for a single group that can be utilized with many policies.

Can you expand a little more about your use case around your current workflow and how you'd like to see it in Nerdio Manager?

0
Aidan Kieffer

Apologies for the delay! Of course.
We currently spec specific thin client hardware with cloud PC instances. There is a core set of policies and apps that are always deployed to these upon enrollment.
Our design pre-Nerdio has just been to establish a dynamic group that would capture all of the thin clients and another for all cloud PCs. Then each policy would be assigned to these groups, some to both groups.
Both the policies and groups have a certain naming convention related to the devices to sort of double up on assignment sanity checking.

We've used a similar method for dynamic user groups relating to departments that should have specific applications. 

1
Aidan Kieffer

Dave Stephenson
Having the ability to create dynamic user and device groups with more complex queries, at the MSP level, or importing one from an account to apply to policy baselines, would be a game changer. E.g. device.devicePhysicalIds -any (_ -contains "[OrderID]:example") or (user.assignedPlans -any (assignedPlan.servicePlanId -eq "planid related to specific license" -and assignedPlan.capabilityStatus -eq "Enabled"))

1:1 or 1:N either way: the more complex query feature, and using them like group templates that can be assigned to policies at the MSP level would be the most important to us

0
Aidan Kieffer
(Edited )

Dave Stephenson
I hope this is appropriate, but I may have heard something to the effect of Nerdio's Product team looking into something like this? (Complex group import/creation at the MSP level)
Happy to remove this comment if it is not true/misleading!

0
Dave Stephenson

I haven't heard definitively if it's going to be in any specific release, but I know that Group Template improvements are on their radar.

When you're talking about "import/creation at the MSP level" are you looking to have an import feature (similar to our Intune Policy/Profiles import) where you could import existing dynamic groups into NMM?

2
Gido Veekens

Aidan Kieffer Tim Welch James Knorpp Thank you for your contributions to this feature request. We understand how important rule syntaxes are in solving some of the challenges you’ve shared with us.

I'm excited to share that the ability to use a custom rules syntax for setting up Group Templates will be introduced very soon! As Dave Stephenson mentioned, there’s even more in store for Group Templates, so stay tuned.

Your input continues to be invaluable to us; please keep sharing challenges within your workflows.

0
Aidan Kieffer

Dave Cox Stephenson an import "seems" the easiest to implement in terms of error handling, but honestly even if it's still as group template dynamic creation is now, that is also a go! The big thing for us would be the ability to create and use at the MSP level.

Gido Veekens Sounds exciting, thank you!  

0
Dave Stephenson

It's hard to say. The import may be more difficult from an API perspective. Time will tell though.
From what Gido said, we'll be able to enjoy more Group Template functionality soon! 🤩
