MicrosoftDocs · MandiOhlinger · May 26, 2026 · May 19, 2026 · May 19, 2026 · May 19, 2026
diff --git a/autopilot/requirements.md b/autopilot/requirements.md
@@ -110,7 +110,6 @@ Windows Autopilot relies on several different type of services to function prope
 After a network connection is in place, each Windows device will contact the Windows Autopilot Deployment Service. The following URLs are used:
 
 - `https://ztd.dds.microsoft.com`
-- `https://cs.dds.microsoft.com`
 - `https://login.live.com`
 
 ##### Windows Activation

diff --git a/intune/configmgr/sum/deploy-use/third-party-software-update-catalogs.md b/intune/configmgr/sum/deploy-use/third-party-software-update-catalogs.md
@@ -20,7 +20,7 @@ To make it easier to find custom catalogs, we're providing a list of links as a
 |</br></br>Custom catalog provider|</br></br> URL|
 |--|--|
 |Adobe | Multiple catalogs are available from Adobe. </br>  https://www.adobe.com/devnet-docs/acrobatetk/tools/DesktopDeployment/sccm.html |
-|Centero Software Manager| https://centero.fi/centero-software-manager/product-editions/#csm-for-mecm |
+|Centero Software Manager| https://docs.software-manager.com/docs/csm-for-sccm |
 |Dell| *Partner catalog* available in the **Third-Party Software Update Catalogs** node </br> https://www.dell.com/support/article/sln311138/ </br></br> https://downloads.dell.com/Catalog/DellSDPCatalogPC.cab </br></br>https://downloads.dell.com/Catalog/DellSDPCatalog.cab |
 |Fujitsu| https://support.ts.fujitsu.com/GFSMS/globalflash/FJSVUMCatalogForSCCM.cab |
 |HP| *Partner catalog* available in the **Third-Party Software Update Catalogs** node <br> https://hpia.hpcloud.hp.com/downloads/sccmcatalog/HpCatalogForSms.latest.cab</br></br> `http://ftp.hp.com/pub/softlib/software/sms_catalog/HpCatalogForSms.latest.cab` |

diff --git a/intune/developer/data-warehouse/ref-data-model.md b/intune/developer/data-warehouse/ref-data-model.md
@@ -50,5 +50,5 @@ The warehouse is downstream from your Intune data. Intune takes a daily snapshot
 ## Next steps
 
 - To learn more about how the data warehouse tracks a user's lifetime in Intune, see [User lifetime representation in the Intune Data Warehouse](ref-user-timeline.md).
-- To learn more about working with data warehouses in the [Create First Data WareHouse](https://www.codeproject.com/Articles/652108/Create-First-Data-WareHouse).
+- To learn more about working with data warehouses, see [Microsoft Fabric Data Warehouse introduction](/fabric/data-warehouse/tutorial-introduction).
 - To learn more about working with Power BI and a data warehouse in [Create a new Power BI report by importing a dataset](https://powerbi.microsoft.com/documentation/powerbi-service-create-a-new-report/).
diff --git a/intune/device-configuration/assign-device-profile.md b/intune/device-configuration/assign-device-profile.md
@@ -1,7 +1,7 @@
 ---
 title: Assign device profiles in Microsoft Intune
 description: Use the Microsoft Intune admin center to assign device configuration profiles and policies to users and devices. Learn how to exclude groups from a profile assignment in Microsoft Intune.
-ms.date: 02/10/2026
+ms.date: 05/19/2026
 ms.update-cycle: 180-days
 ms.topic: how-to
 ms.reviewer: gokarthi
@@ -173,7 +173,10 @@ When you assign your policies and policies, apply the following general principl
 
 - Excluded groups can be groups with users or groups with devices.
 
-- Dynamic Microsoft Entra device groups can be added to Included groups. But, there can be latency when populating the dynamic group membership. In latency-sensitive scenarios, use [assignment filters](../fundamentals/filters/overview.md) to target specific devices, and assign your policies to user groups.
+- Dynamic Microsoft Entra device groups can be added to Included groups. But, dynamic group membership requires processing time before devices appear in the group. In time-sensitive scenarios, use [assignment filters](../fundamentals/filters/overview.md) to target specific devices directly at check-in, and assign your policies to user groups or the *All devices* virtual group.
+
+  > [!TIP]
+  > If your dynamic device group rule targets properties like OS type, manufacturer, model, ownership, or device category, consider using an [assignment filter](../fundamentals/filters/overview.md) instead. Filters evaluate device properties directly at check-in without depending on group membership processing. For guidance, go to [Performance recommendations for grouping, targeting, and filtering](../fundamentals/filters/performance-recommendations.md).
 
   For example, you want policies assigned to devices as soon as they enroll. In this latency-sensitive situation, create an [assignment filter](../fundamentals/filters/overview.md) to target the devices you want, and assign the policy with this assignment filter to user groups. Don't assign to device groups.
 

diff --git a/intune/device-configuration/settings-catalog/tutorial-group-policy-migration.md b/intune/device-configuration/settings-catalog/tutorial-group-policy-migration.md
@@ -1,7 +1,7 @@
 ---
 title: Walkthrough-Create a settings catalog policy
 description: This tutorial or walkthrough steps through creating and comparing an on-premises Administrative Templates (ADMX) Group Policy and Microsoft Intune cloud-based settings catalog policy. It shows similar settings in on-premises and the Intune settings catalog to create and manage policies for Office, Windows, and Microsoft Edge on Windows 10/11 client devices.
-ms.date: 08/21/2025
+ms.date: 05/19/2026
 ms.topic: tutorial
 ms.reviewer: mayurjadhav
 ms.collection:
@@ -174,6 +174,8 @@ In these next steps, you create security groups, and add users to these groups.
   - [Understand and manage dynamic group processing in Microsoft Entra ID](/entra/identity/users/manage-dynamic-group)
   - [Manage rules for dynamic membership groups in Microsoft Entra ID](/entra/identity/users/groups-dynamic-membership)
 
+- For Intune-only device targeting based on properties like OS type or manufacturer, consider using [assignment filters](../../fundamentals/filters/overview.md) instead of dynamic device groups. Filters evaluate at check-in without depending on group membership processing, and can simplify your targeting architecture. Dynamic groups remain necessary for cross-workload scenarios (Conditional Access, licensing) and user-based grouping. For more information, go to [Performance recommendations for grouping, targeting, and filtering in large Microsoft Intune environments](../../fundamentals/filters/performance-recommendations.md).
+
 - Your Microsoft Entra ID license can include other services that are commonly used when managing apps and devices, including [multifactor authentication (MFA)](/entra/identity/authentication/concept-mfa-howitworks) and [Conditional Access](/entra/identity/conditional-access/overview).
 
 - Many administrators ask when to use user groups and when to use device groups. For some guidance, go to [User groups vs. device groups](../../device-configuration/assign-device-profile.md#user-groups-vs-device-groups).

diff --git a/intune/device-configuration/troubleshoot-device-profiles.md b/intune/device-configuration/troubleshoot-device-profiles.md
@@ -1,7 +1,7 @@
 ---
 title: Questions with policies and profiles in Microsoft Intune
 description: Common questions, answers, and scenarios with device policies and profiles in Microsoft Intune. Learn more about profile changes not applying to users or devices, how long it takes for new policies to deploy, which settings apply when there are conflicts, what happens when you delete or remove a profile, and more.
-ms.date: 03/26/2026
+ms.date: 05/19/2026
 ms.update-cycle: 180-days
 ms.topic: troubleshooting
 ms.reviewer:
@@ -160,13 +160,17 @@ To learn more about the version and edition requirements for the different setti
 
 ## When devices enroll, there's a delay in applying apps and policies assigned to dynamic device groups
 
-During enrollment, you can use Microsoft Entra dynamic device groups. For example, you can create a dynamic device group based on a device's name or enrollment profile.
+During enrollment, you can use Microsoft Entra dynamic device groups to target apps and policies. For example, you can create a dynamic device group based on a device's name or enrollment profile.
 
-The enrollment profile is applied to the device record during initial device setup. Microsoft Entra dynamic grouping isn't instant. The device might not be in the dynamic group for some time, possibly minutes to hours depending on other changes being made in your tenant.
+Dynamic group membership requires additional processing after a device enrolls. Until the device is added to the group, apps and policies assigned to that group aren't delivered. The policies might not apply until the next scheduled check-in.
 
-If the device isn't added to the group, then your apps and policies aren't assigned to the device during the initial Intune check-in. The policies might not apply until the next scheduled check-in.
+If fast delivery of apps and policies is important to your enrollment scenario, consider these alternatives:
 
-If fast delivery of apps and policies is important to your setup/enrollment scenario, then assign your apps and policies to user groups, not dynamic device groups. User groups are pre-populated with members before device setup and don't have this delay.
+- **User groups** — Assign apps and policies to user groups instead of dynamic device groups. User groups are pre-populated with members before device setup and don't depend on post-enrollment group membership processing.
+
+- **Assignment filters** — Use [assignment filters](../fundamentals/filters/overview.md) to target devices based on properties like OS type, manufacturer, or enrollment profile. Filters evaluate directly at device check-in without depending on group membership processing. Apply filters to broad groups like *All devices* for fast, predictable policy delivery during enrollment.
+
+- **Enrollment time grouping** — If you need to keep using device groups for enrollment targeting, [enrollment time grouping](../device-enrollment/setup-time-grouping.md) adds devices to a security group during enrollment rather than after, so apps and policies assigned to that group are delivered on the first check-in.
 
 For more information on dynamic groups, go to:
 

diff --git a/intune/device-enrollment/android/setup-fully-managed.md b/intune/device-enrollment/android/setup-fully-managed.md
@@ -1,7 +1,7 @@
 ---
 title: Set up enrollment for Android Enterprise fully managed devices
 description: Set up enrollment in Intune for devices using the Android Enterprise fully managed device management solution.
-ms.date: 05/08/2025
+ms.date: 05/19/2026
 ms.topic: how-to
 ms.reviewer: grwilso
 ms.collection:
@@ -151,6 +151,9 @@ To review, make changes, or delete the profile:
 ## Step 3: Create dynamic Microsoft Entra group
 Optionally, create a dynamic Microsoft Entra group to automatically group devices based on a certain attribute or variable. In this case, we want to use the `enrollmentProfileName` property to group devices that are enrolling with the same profile.
 
+> [!NOTE]
+> Dynamic groups based on `enrollmentProfileName` are useful when you need group membership for cross-workload scenarios (like Conditional Access or group-based licensing). If your goal is only to target Intune policies and apps to devices with specific properties, consider using [assignment filters](../../fundamentals/filters/overview.md) instead. Filters evaluate at check-in without depending on group membership processing.
+
 Add these configurations to your group:
 
 * **Group type**: Security

diff --git a/intune/device-enrollment/apple/guide-macos.md b/intune/device-enrollment/apple/guide-macos.md
@@ -3,7 +3,7 @@ title: macOS device enrollment guide for  Microsoft Intune
 description: Enroll macOS devices using device enrollment, automated device enrollment (DEP), and Apple Configurator enrollment options in Microsoft Intune. Decide which enrollment method to use, and get an overview of the administrator and end user tasks to enroll devices.
 author: MandiOhlinger
 ms.author: mandia
-ms.date: 06/09/2025
+ms.date: 05/19/2026
 ms.topic: article
 ms.reviewer: auherrin, dregan, annovich
 ms.collection:
@@ -79,6 +79,9 @@ Your users must do the following steps. For more specific information on the end
 
 The Company Portal app detects the installation of the management profile and automatically registers the device, unless it is manually closed by the user. The user must reopen the app to complete device registration. If you're using dynamic groups, which rely on device registration, it's important for users to return to the app and register. Plan to communicate these steps to end users. If you're using Conditional Access (CA) policies, no action is required because any CA-protected app users try to sign into will prompt them to return to Company Portal to complete device registration.
 
+> [!TIP]
+> If you're using dynamic device groups only for Intune policy and app targeting (not Conditional Access or licensing), consider using [assignment filters](../../fundamentals/filters/overview.md) instead. Filters evaluate at check-in without depending on device registration or group membership processing, which can simplify enrollment workflows.
+
 [!INCLUDE [users-dont-like-enroll](../includes/users-dont-like-enroll.md)]
 
 ## Automated Device Enrollment (ADE) (supervised)

diff --git a/intune/device-management/create-device-categories.md b/intune/device-management/create-device-categories.md
@@ -1,11 +1,11 @@
 ---
 title: Categorize devices into groups in Intune
 description: Categorize Intune-managed devices into groups for easier management in the admin center.
-ms.date: 09/16/2025
+ms.date: 05/19/2026
 ms.topic: how-to
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: scotduff
+ms.reviewer: mattcall
 ms.collection:
 - M365-identity-device-management
 ---
@@ -54,6 +54,9 @@ To enable automatic grouping, you must create a dynamic group using attribute-ba
 
 For example, to create a rule that automatically groups devices belonging in the HR category, use the following rule syntax: `device.deviceCategory -eq "HR"`
 
+> [!TIP]
+> If you only use device category groups for Intune policy and app targeting, you can use [assignment filters](../fundamentals/filters/overview.md) with the `deviceCategory` property instead of creating dynamic groups. Filters evaluate at check-in without depending on group membership processing. Dynamic groups remain necessary if the category groups are also used for Conditional Access, licensing, or other cross-workload scenarios.
+
 ## View categories of all devices
 To view the device category assigned to each device, go to **Devices** > **All devices**.
 The category is listed in the **Device category** column. To add the column to your table, select **Columns**, and then choose **Category** > **Apply**.

diff --git a/intune/fundamentals/filters/overview.md b/intune/fundamentals/filters/overview.md
@@ -1,7 +1,7 @@
 ---
 title: Create assignment filters in Microsoft Intune
 description: Create assignment filters in Microsoft Intune to target policies based on device properties like OS version or manufacturer. Learn to create, update, and delete filters for managed devices and apps.
-ms.date: 02/10/2026
+ms.date: 05/19/2026
 ms.topic: how-to
 ms.reviewer: mattcall
 ms.collection:
@@ -69,6 +69,18 @@ Before you apply a policy to an app or device, assignment filters dynamically ev
 
 4. You see the assignment filter results based on the evaluation. For example, the app or policy applies, or it doesn't apply.
 
+### Assignment filters vs. dynamic groups
+
+If you're deciding between assignment filters and dynamic groups for device targeting, consider the following:
+
+- **Use assignment filters** when you're targeting Intune policies or apps based on device properties (OS, model, manufacturer, ownership, category). Filters evaluate at check-in with no further evaluation delay.
+- **Use dynamic groups** when you need cross-workload targeting (Conditional Access, licensing), Autopilot profile assignment, or user-based grouping.
+
+Many organizations use both: dynamic groups for cross-workload scenarios and assignment filters for Intune-specific device targeting.
+
+> [!NOTE]
+> Because assignment filters don't require group membership processing, policy targeting isn't affected by group size, rule complexity, or membership evaluation timing. For performance recommendations when working with groups and filters, go to [Performance recommendations for grouping, targeting, and filtering in large Microsoft Intune environments](./performance-recommendations.md).
+
 ### Restrictions
 
 There are some general restrictions when creating assignment filters:

diff --git a/intune/fundamentals/filters/performance-recommendations.md b/intune/fundamentals/filters/performance-recommendations.md
@@ -1,7 +1,7 @@
 ---
 title: Assignment Filter Performance Tips for Intune
 description: Optimize Microsoft Intune performance with assignment filters. Learn to use virtual groups, reuse groups, and apply filters effectively. Improve policy deployment speed with incremental group changes, and use assignment filters to include and exclude.
-ms.date: 11/19/2025
+ms.date: 05/19/2026
 ms.topic: article
 ms.reviewer: mattcall
 ms.collection:
@@ -127,6 +127,25 @@ This recommendation exists due to the timing/latency characteristic of dynamic g
 
 Instead of mixed exclusions, we recommend assigning to a user group. Then, use assignment filters to dynamically include or exclude the appropriate devices.
 
+### Use assignment filters instead of dynamic groups for device property targeting
+
+| DO | DON'T |
+| --- | --- |
+| ✅ Use filters for simple device properties (OS type, manufacturer, model, ownership, device category). | ❌ Don't use dynamic groups for simple device properties when the group is only used by Intune. |
+
+Dynamic device groups that use simple property rules (like `device.deviceOSType -eq "Windows"` or `device.deviceOwnership -eq "Company"`) introduce additional processing steps without benefit when the group is only consumed by Intune. Assignment filters evaluate the same properties at device check-in — directly, without requiring group membership evaluation.
+
+For example, instead of creating a dynamic group with the rule `device.deviceOSType -eq "Windows"` and assigning a policy to that group, you can assign the policy to *All devices* and apply a filter with the rule `operatingSystemSKU -eq "Windows"`. The result is the same — but the filter is evaluated at check-in without depending on group membership processing.
+
+Consider migrating dynamic device groups to assignment filters when:
+
+- The group is **only used for Intune policy or app assignments** (not Conditional Access, licensing, or other services).
+- The group rule uses device properties that assignment filters [support](ref-device-properties.md), like OS version, manufacturer, model, ownership, or category.
+- You want to **simplify your targeting architecture** and reduce dependencies on group membership evaluation.
+
+> [!NOTE]
+> Dynamic groups remain necessary for Autopilot profile targeting, cross-workload scenarios (Conditional Access, licensing), and user-based grouping. For guidance on dynamic groups, go to [Create simpler, more efficient rules for dynamic groups in Microsoft Entra ID](/azure/active-directory/enterprise-users/groups-dynamic-rule-more-efficient).
+
 ## Summary
 
 When creating and managing assignments in Intune, incorporate some of these recommendations. Use groups or virtual groups, and apply assignment filters to help refine the targeting scope. Keep the best practices in mind:

diff --git a/intune/fundamentals/planning-guide.md b/intune/fundamentals/planning-guide.md
@@ -3,7 +3,7 @@ title: Planning guide to move to Microsoft Intune
 description: Plan, design, implement, adopt, and move to Microsoft Intune. Get guidance and advice to determine goals, use-case scenarios and requirements, and create rollout and communication plans, support, testing, and validation plans.
 author: MandiOhlinger
 ms.author: mandia
-ms.date: 08/21/2025
+ms.date: 05/19/2026
 ms.topic: upgrade-and-migration-article
 ms.reviewer: davguy
 ms.collection:
@@ -125,6 +125,9 @@ In Intune, distributed IT benefits from the following features:
 
 - When you use **[device enrollment categories](../device-management/create-device-categories.md)**, devices are automatically added to groups based on categories you create. This feature used Microsoft Entra dynamic groups, and helps make managing devices easier.
 
+  > [!TIP]
+  > If your goal is to target Intune policies based on device category, you can also use [assignment filters](filters/overview.md) with the `deviceCategory` property. Filters evaluate at check-in without depending on group membership processing.
+
   When users enroll their device, they choose a category, like Sales, IT admin, point-of-sale device, and so on. When the devices are added to a category, these device groups are ready to receive your policies.
 
 - When admins create policies, you can require **[multiple admin approval](role-based-access-control/multi-admin-approval.md)** for specific policies, including policies that run scripts or deploy apps.