Why?

In environments where you have a lot of different windows 10 versions spread accros the organisation you may need to target specific versions with a certain policy. For this purpose it can be convenient to have Azure Ad Groups for this. You don't want to do this manually. Certainly if the goal is to get them all to the same version as soon as possible.

You can look up specific versions and their build numbers on Microsoft Docs:

• For stable releases: https://docs.microsoft.com/en-us/windows/release-information/
• For Insider Builds: https://docs.microsoft.com/en-us/windows-insider/flight-hub/

You can deploy these dynamic groups very fast with Powershell. We can use the "New-AzureADMSGroup" cmdlet for this.

Examples:

#(device.deviceOSVersion -startsWith "10.0.18362") #1903
New-AzureADMSGroup -DisplayName "M365_D_Windows10_1903" -Description "Containing all Windows 10 version 1903" -MailEnabled $False -MailNickName $False -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOSVersion -startsWith "10.0.18362")' -MembershipRuleProcessingState "On"

#(device.deviceOSVersion -startsWith "10.0.18363") #1909
New-AzureADMSGroup -DisplayName "M365_D_Windows10_1909" -Description "Containing all Windows 10 version 1909" -MailEnabled $False -MailNickName $False -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule '(device.deviceOSVersion -startsWith "10.0.18363")' -MembershipRuleProcessingState "On"

You could create all the groups based on the above examples, but I did all that work already and you can find it on my GitHub here