Device targeting allows you to execute policies on a filtered collection of devices. All policy types and worklets can be configured to use device filtering.
The following topics are described here:
- Creating a Device Filter on a Policy
- Device Targeting Based on OU Information
- Viewing and Searching for Policies with Device Targeting
- Deleting a Device Filter
Creating a Device Filter on a Policy
You can apply filters on new and existing policies or worklets to target devices. It is possible to add up to 10 filters per policy and 10 values per filter. For details about creating a policy or worklet, see Managing Policies.
Note: The Condition field options have been updated. Refer to the table in Filters and their values for a description of the options.
From the Create or Edit Policy page, use the toggle to turn on Device Targeting.
From the Select Attribute drop-down menu, select the filter you want to use. You can filter by:
Active Directory Organizational Unit (Windows only)
Select from the options available in the Condition field. The options available depend on the attribute selected.
Use the Value field to enter the options related to the filter. You can select a maximum of 10 options.
Click Preview Impacted Devices to retrieve a list of all devices that will be included in the policy. The resulting Devices Preview window helps to ensure that you have correctly configured the filter.
If you are creating a new policy or worklet, at this point you can also set a schedule and configure user notifications. Click Create Policy.
If you are editing a policy or worklet, click Save Policy.
Filters and their values
You can create up to 10 filters and apply up to 10 values per filter. Each filter row uses an "And" operation. These narrow down the results to fit all filters. The values set within the Options field use an "Or" operation. The following table describes the filter types and the values that are currently available.
Active Directory Organizational Unit
These are the types of filters that can be applied to this policy.
Does not contain
Depending on the type of attribute, you can use these conditions to define the filter.
The value options available depend on the attribute selected.
A single filter (row) with multiple values will target any device with value option 1 or value option 2, or both.
The impacted devices include at least one of the value options. Therefore, in this example, the tags "Accounting" and "test_UX" include all devices with these tags. If there are more tags, the device will still be included because it uses at least one of the values selected.
Devices Preview: This is a preview of the devices the device targeting filter will currently apply to. This device targeting filter only applies to devices that are in groups associated with this policy. Ensure you have the correct groups associated with this policy.
Separate filters (rows) are an "And" condition. In this example, both "accept" and "184.108.40.206" are valid. An impacted device must have each filter condition.
The impacted devices now reflect the conditions required for all filters. In this example, only the devices with exactly the IP address “220.127.116.11” and the Tag “accept”, are targeted.
Other filter examples
Use the Hostname to target devices. You can use partial name searches to gather the list of devices to which you want to apply a policy.
The result of this will show all devices that have a Hostname with the value "desktop":
IP address filters currently match on any partial string in the IP address field.
For example, if you filter for 1.1, all of the following IP addresses would match:
Note: The IP filter evaluates all network interfaces on a device. In some instances the primary network interface address may not match the filter, however, if any of the other network interfaces on the device contain the search string then it will result in a match.
Device Targeting Based on OU Information
You can use the device targeting filter Active Directory Organizational Unit (AD OU) to run policies based on Organizational Units. This allows you to filter devices based on your AD structure.
The AD OU information is collected when a device is scanned. Therefore, the policy automatically applies to newly added devices.
The AD OU filter allows you to match a string or strings. Example:
You can target a higher-level OU by using a partial match on the path.
The Active Directory OU filter is available only for Windows devices
The maximum string length is 2048 characters
You can copy/paste the path structure into the Option field
This feature requires no direct Active Directory Domain Controller access as we’re pulling the AD OU information directly from each device.
Azure AD OU information requires a hybrid AD and Azure AD setup
Creating an Active Directory Organizational Unit Device Filter
Follow these steps to set up device filtering based on Organizational Units (OU).
Note: Automox queries Active Directory OU information every time a device is scanned (when adding a device or at least every 24 hours - depending on your scan interval).
From the Create or Edit Policy page, use the toggle to turn on Device Targeting and activate the feature toggle.
From the Select Attribute field, click Active Directory Organizational Unit.
Use the Select Condition field to select from the following operators: Is, Is Not, Contains, Does Not Contain.
In the Add Option field, enter or paste one or more path structures.
Click Preview Impacted Devices to review the devices affected by the policy.
Click Create Policy or Save Policy. The policy will run according to the schedule.
Targeting specific OUs
To target a specific OU, use the Is condition. This filter requires full paths to the OU. Any sub-OUs are not included.
Viewing and Searching for Policies with Device Targeting
You can see if the device filter is configured for the policy from the Policies page.
Use the search field to find the new or updated policy to ensure that device targeting filters are switched on.
You can also sort the list of policies by the Has Device Targeting column.
Deleting a Device Filter
To delete an existing device filter in a policy or worklet, go to Device Targeting on the Edit page.
Click the delete button to remove the device filter.
Click Save Policy.
API Reference Guide: Device Filters Preview - Filter Parameters