🛡️🪟💻⛓️Group - Devices - Virtual Machines
📄 What this group is about
This dynamic group contains all Windows virtual machines in the tenant.
It’s used to separate VMs from physical devices so they don’t accidentally receive the same deployment profiles or policies that are meant for physical hardware.
🛠️ Configuration Table
| Setting | Value | Additional Info |
|---|---|---|
| Name | 🛡️🪟💻⛓️Group - Devices - Virtual Machines | |
| Description | All Windows devices where the model indicates it’s a virtual machine | Helps scope policies away from VMs when needed |
| Membership type | Dynamic | Devices are automatically added based on model |
| Dynamic rule syntax | (see below) | Matches all devices with “Virtual Machine” in their model |
(device.deviceModel -contains "Virtual Machine")
💬 Why this matters
Virtual machines often require different management:
- Testing environments
- Lab or sandbox systems
- Windows 365 Cloud PCs
- AVD session hosts
By keeping them in a dedicated group, you can:
- Prevent Autopilot deployment profiles from applying incorrectly
- Assign separate baselines and security policies
- Avoid clutter in reporting for physical hardware