π‘οΈπͺπ»βοΈGroup - Devices - Virtual Machines
π What this group is aboutβ
This dynamic group contains all Windows virtual machines in the tenant.
Itβs used to separate VMs from physical devices so they donβt accidentally receive the same deployment profiles or policies that are meant for physical hardware.
π οΈ Configuration Tableβ
| Setting | Value | Additional Info |
|---|---|---|
| Name | π‘οΈπͺπ»βοΈGroup - Devices - Virtual Machines | |
| Description | All Windows devices where the model indicates itβs a virtual machine | Helps scope policies away from VMs when needed |
| Membership type | Dynamic | Devices are automatically added based on model |
| Dynamic rule syntax | (see below) | Matches all devices with βVirtual Machineβ in their model |
(device.deviceModel -contains "Virtual Machine")
π¬ Why this mattersβ
Virtual machines often require different management:
- Testing environments
- Lab or sandbox systems
- Windows 365 Cloud PCs
- AVD session hosts
By keeping them in a dedicated group, you can:
- Prevent Autopilot deployment profiles from applying incorrectly
- Assign separate baselines and security policies
- Avoid clutter in reporting for physical hardware