Feature Request - Custom Device Filters (Completed)

Welcome to the community, Tomas R Bedford  🙂!

Great idea!
Currently, we can create/utilize custom filters at the individual tenant level (by creating them in the customer's Intune Portal), but we don't have a way to define these from NMM.
 

Would you be wanting to be able to import the filters from an existing customer tenant or just create new ones from the MSP-level of NMM?

Hey Dave,
It was nice meeting you at NerdioCon.

I would want to create them from the MSP level of NMM so that all my tenants have the same filter selectable on policies. Example I currently create a filter in all tenants for Entra joined devices and one Hybrid Joined Devices.

I would want to be able to import these to new tenants ideally staying in Nerdio.

Ahh. I thought your name looked familiar.
It was great getting to talk to you at NerdioCon!
I didn't want to say anything though if it was a different Tomas and end-up with egg on my face 😄

Hopefully the GraphAPI supports creating/deploying the device filters.
The example you gave (Entra Joined and Hybrid Joined) would be some pretty standard ones to implement into the product.

If we can make it so it's like the Group Templates feature (with a custom rule syntax box), that would make it really flexible.

Haha no worries.

While this would work there is some performance difference with dynamic groups vs filters for new devices coming into Intune. So if you group exclude you will end up with a lot of policies miss-applying while filters will not have that issue.

Filters use the graph resource
graph.microsoft . com/deviceManagement/assignmentFilters
Get will return them all and I believe a direct post imports the json

I dont remember any manipulation being needed for it to import correctly.

Dave, I would concur with Tomas here. As per current guidance from Microsoft (Performance recommendations when using filters | Microsoft Learn), they discourage using dynamic groups due to delays in population that lead to inclusions where it should not happen. 
“This recommendation exists due to the timing/latency characteristic of dynamic groups. Excluded groups membership isn't instant, which can result in cases where devices incorrectly receive app or policy assignments. To understand more, go to Assign policies and profiles - support matrix.” I have found in Nerdio that such is exactly a problem when trying to deploy new host pools and I need a policy to be excluded for Nerdio to do its processes.

I can confirm Graph supports creating device filters. I would like to see Nerdio provide first class experience for defining Filter templates as well as group templates at the tenant level for automating customer level items too. Thank you for your review.

Excellent! Thanks, Tomas and Jacob.
If it's already in Graph, that will make it that much easier to implement.

Sorry if I was unclear. I didn't mean to use Group Templates/Dynamic Groups as a replacement for the Filters, but more of how I thought the UI could look/function in NMM with a Rule Builder and Rule Syntax pane.

Hi Tomas R Bedford &  Jacob Reinhardt 

Thanks for sharing your feedback! I completely agree—this enhancement would bring significant flexibility and performance improvements, especially when managing larger customer environments. I'm pleased to share that we're actively working on a solution to manage these Filters at the MSP level in NMM for both managed apps and devices. This will enable their use in policy and app assignments in the near future.