How to organize your Microsoft Intune setup like a Rockstar

How to organize your Microsoft Intune deployments like a Rockstar – Part 1

Several years ago, I attended an online MC2MC session brought to by former Microsoft Most Valuable Professional Tim Hermie. This session was about using a naming convention to easily and organizationally manage and configure your Microsoft Intune for larger companies (or even smaller ones). For me, the tips he shared formed a foundation for how I configure and manage Microsoft Intune environments for our customers today. Yes, even the smaller ones.πŸ˜‰

In this two-part blog post, I will show you how I bring structure into my Microsoft Intune projects by starting with a proper naming convention.

I think every Microsoft Intune should start with a good and solid naming convention! But why is this so important? Writing down a good naming convention has the following benefits:

  • Consistency: Ensures uniformity across the project, making it easier to understand and maintain.
  • Readability: Improves the clarity of the data, making it easier for others (and yourself) to read and comprehend.
  • Maintainability: Simplifies updating and modifying the data, reducing the risk of errors.
  • Collaboration: Facilitates teamwork by providing a common language and structure, making it easier for team members to work together.
  • Scalability: Helps manage larger projects by providing a clear and organized structure, making it easier to scale up.
  • Debugging: Aids identify and fix issues more efficiently by providing clear and descriptive names.

So now that we know the importance of naming conventions, where do I use them in my Microsoft Intune projects? Almost everywhere!

  • Microsoft Entra ID Groups
  • GroupTags for Devices in Windows Autopilot
  • Compliance Policies
  • Configuration Policies
  • Endpoint Security Policies
  • Windows Updates
  • Applications

INFORMATION
Before you start using your naming convention, discuss this with your customer. Some customers already have an existing naming convention that you can build on.

Let’s become that Rockstar! 🀘🏻

This first part of this series will focus on Microsoft Entra ID groups and GroupTags in Windows Autopilot and how I bring structure to my Microsoft Entra ID groups by using a proper naming convention.

Microsoft Entra ID Groups

Some examples of Microsoft Entra ID User or Device groups are the following:

grp-usr-d-app-microsoft-365-apps

grp-dvc-a-and-global-device-restrictions

grp-dvc-d-win-windows-10

grp-usr-a-lic-microsoft-enterprise-e3

As you can see, I use five parameters to give my group a clear name. But what do those parameters exactly mean?

The first parameter grp = is clear and stands for group
The second parameter usr/dvc = this means it’s either a User (usr) of Device (dvc) group
The third parameter d/a = defines the type of group, either dynamic or assigned
The fourth parameter win/and/lic/app = defines several types of suggestions, what kind of OS (Windows/Android/iOS/mac) or a license (lic) group, or a group that is dedicated to an application (app)

GroupTags for Devices in Windows Autopilot

GroupTags are a powerful feature in Windows Autopilot that enhances device management, streamlines deployment, and allows for greater customization and efficiency. Some examples of GroupTags can be:

E-BE-U-LT-PRD

H-IT-A-DT-TST

As you can see my GroupTags are divided into specific sections:

E/H = Entra Joined or Hybrid Joined (always go for Entra Joined πŸ˜‰)
BE/IT/HR/NL/.. = This can be for example countries (BE = Belgium, NL = Netherlands) where offices are located (Enterprise companies) or departments (IT or HR). Most of the time this will be used as optional.
U/A = This section relates primarily to the user account type within Windows Autopilot Deployment Profiles, Standard (user), or Administrator account type.
LT/DT/SH/KS = This section relates to the device type, e.g., laptop, desktop, shared device, or kiosk device.
PRD/TST = This section relates to the purpose of a device, production, or test.

GroupTags can also be used to create dynamic membership rules in Microsoft Entra ID. This means that devices can be automatically added to specific groups based on their group tag, simplifying device management. Stay tuned for a deep-dive blog post on how to use GroupTags to populate your Microsoft Entra ID Dynamic Groups!

Conclusion

Using a consistent naming convention in Microsoft Intune enhances organization, simplifies device management, and improves overall efficiency. It ensures that devices are easily identifiable, reducing the risk of errors and streamlining administrative tasks. I hope this can be useful to you in case you need to have a head start on start using a proper naming convention. The most important thing is, that it must meet your own needs.

This will cover my first part on How to organize your Microsoft Intune deployments like a Rockstar, in the second part we will cover stuff like Compliance policies, Configuration profiles, etc… So stay tuned! πŸ˜‰

Nicky De Westelinck

Nicky De Westelinck is a Modern Workplace Expert for Arxus with several years of experience in Microsoft 365. His main focus is Microsoft Intune and Microsoft 365 Administration. He is also a Microsoft Certified Trainer since 2021.

View all posts by Nicky De Westelinck →