Entra group samples.

[DamagedDingo]

This is not valid property on MacOS.
device.deviceTrustType -eq "AzureAD"

From wiki:
All enabled, corporate, Intune-managed, Platform SSO-joined MacOS devices:
(device.accountEnabled -eq True) and (device.managementType -eq "MDM") and (device.deviceTrustType -eq "AzureAD") and (device.deviceManufacturer -eq "Apple") and (device.deviceOSType -eq "MacMDM") and (device.deviceOwnership -eq "Company")

Entra also won't let me make a dynamic group with more then 5 conditions so this is what I have for these 3 groups..

Best I can do is this for MacOS..
(device.accountEnabled -eq True) and (device.managementType -eq "MDM") and (device.deviceManufacturer -eq "Apple") and (device.deviceOSType -eq "MacMDM") and (device.deviceOwnership -eq "Company")

iOS is empty on WkiKi, but this is mine.
(device.accountEnabled -eq True) and (device.managementType -eq "MDM") and (device.deviceOStype -startswith "i") and (device.deviceManufacturer -eq "Apple") and (device.deviceOwnership -eq "Company")

I had wanted to do this, but the condition limit got me,
(device.deviceOSType -eq "iPhone") or (device.deviceOSType -eq "iPad")

Still might be better to do this (untested) as the Manufacture probably isn't important.
(device.accountEnabled -eq true) and (device.managementType -eq "MDM") and ((device.deviceOSType -eq "iPhone") or (device.deviceOSType -eq "iPad")) and (device.deviceOwnership -eq "Company")

can't remember if I changed the windows one or not.
(device.accountEnabled -eq True) and (device.deviceManagementAppId -in ["0000000a-0000-0000-c000-000000000000", "54b943f8-d761-4f8d-951e-9cea1846db5a"]) and (device.deviceTrustType -in ["AzureAD", "ServerAD"]) and (device.deviceOwnership -eq "Company") and (device.deviceOSType -eq "Windows")

Someone want to double check and we can update the wiki.

[Moulders26]

You can have more than 5 conditions, you just can't use the builder and have to do it manually