Organize Intune for Windows 365 and AVD with Filters

When you start adding Windows 365 and AVD to Microsoft Endpoint Manager Intune, you will notice that most settings and apps deployed to your physical devices now also apply on your Virtual Desktops. This is probably not a great result. You might have a specific setup on your Azure Virtual Desktop with a specific application installed, now you suddenly have all your default apps on those special devices to.

So if you plan to register, or already have registered your CloudPC´s and/or AVD´s to Intune. You need to organize your existing Intune setup. To achieve this, you can create and implement Filters.


You can use filters to narrow the assignment scope of apps, config, compliance and more to specific devices. If the app or policy is assigned to specific groups or all users or all computers you can the include or exclude only those who match that filter. With filters, you can also target user groups and then filter devices or vise verse. And the best of all, filtering are super fast with instant evaluation at device check-in without any need to pre-compute.

Create filters

  1. Open Microsoft Endpoint Manager admin center
  2. Navigate to Tenant administration / Filters and select Create
  1. Name your filter and enter a description
  2. Select the platform Windows and later
  1. Configure your filter that filter out your specific targets.
  1. Review and create the filter

Some examples of filters

Windows 365(device.model -startsWith “Cloud PC “)
Virtual Machines (include AVD)(device.model -startsWith “Virtual”)
AVD Multisession(device.operatingSystemSKU -eq “ServerRdsh”)
Windows 365 and Virtual Machines(device.model -startsWith “cloud”) or (device.model -startsWith “virtual”)

Example Use of Filters

On compliance policies, configuration profiles and apps deployments. You can now use your filters to deploy this only so specific targets. Note that you can use include or exclude.

You might for example want a specific compliance policy that only applies to Windows 365 devices.

First you need to filter out your Windows 365 from the default compliance policy, use your filter and Exclude your Windows 365 device:

Next create a compliance policy for your Windows 365 devices. Assign it to All Users but this time Include filter on Windows 365. This results in a compliance policy that only apply when you are located on a windows 365 device.

About The Author

Mr T-Bone

Torbjörn Tbone Granheden is a Solution Architect for Modern Workplace at Coligo AB. Most Valuable Professional (MVP) on Enterprise Mobility. Certified in most Microsoft technologies and over 23 years as Microsoft Certified Trainer (MCT)

You may also like...