Earlier today (3 May 2021) when accessing a customer environment I’ve come across a new undocumented feature that I’ve not seen in another other customer environment at this stage.
Get access to advanced app and policy targeting in Intune with filters. Now you can assign an app or policy to a user or device group, while filtering specific devices in and out of the assignment. Filters can be configured to either include or exclude devices from the assignment, so you dont have to spend time selecting those devices in Intune or waiting for dynamic device group membership to be calculated
With filters enabled you can create a “filter” based on a device criteria for a specific platform.
The device criteria is similar to Azure AD dynamic device groups with a new addition operatingSystemSKU
Once you have created a filter you can use it in policy and application assignment.
I’ve not been able to find MS documentation around this feature yet, the documentation link just takes you to the general intune docs.
One use case I see here is speeding up policy and application deployment to devices that are grouped by enrollment profile name (device.enrollmentProfileName). This way a filter can be created to filter out devices with incorrect enrollment profile name, speeding up resource deployment (As you do not have to wait for an AAD group to update).