Smart Computer Group for Intune Registration

New Contributor II

I am trying to figure out a Smart Computer group that can see which Macbooks have not registered with AAD yet and need to.

The setup guide says to use a group for if the Macbook has the Company Portal app. Which is great for the first run but what happens if user ignore or it fails part way.
I have come across this past on an EA, but it seems this should no longer be needed: Solved: Intune Extension Attribute - Jamf Nation Community - 211981

I also like this idea but no mention of how the smart group was done: Solved: Jamf policy frequency every hour - Jamf Nation Community - 263626

I see the items that Intune adds, such as Computer Azure Active Directory ID, Conditional Access Inventory State and others.
But I can't seem to get a group that works to show me Macs that do not have those. It seems to want to filter off a value that would be there versus not existing.



New Contributor II


New Contributor II

Did you figure this out?

I have not. But mostly our Intune rollout has been side-tracked for other projects so I have not really dug into this much more.

New Contributor

Hello All,

We were in the same group but did some testing around and found what we think is the solution.  We looked at two machines, one that was registered in Intune, and one that was not.  We discovered that in the machine inventory, under Local User Accounts, the data shows up for Computer AAD ID, User AAD ID, and Conditional Access Inventory State, for those that were registered in Intune.  The data was empty for those not registered in Intune.

So, we tried to make a smart group based on this.  Long story short, we found that creating a group with the criteria "User AAD ID" is "blank", pulls the list of machines that are NOT in Intune. 

Hope this helps!