Connect
Ask Community
Ask the community
Ask Community
  • Home
  • macOS
  • I have 2 questions about Dynamic Groups

I have 2 questions about Dynamic GroupsSolved

Profile photo of jiggieman
jiggieman
Participant
Discussion
Hexnode UEM
3 weeks ago Jan 21, 2026

1.- How do i create a Dynamic group that displays all newly enrolled macs as of today. ( not a report, since i cant use that for a policy)
The idea is, to deploy a feature to newly enrolled devices 1 time via policy. Since i cant modify th epolicy to say run 1 time only. Since the policy will run 1 time, the device should clear the next day out of that group.

2.- A dynamic group that shows all my users with a bad Filevault recovery key. The Current 3 (N/a, Enabled,disabled)  options do not show the faulty ones. As you can see its set by the MDM but the MDM says its broken. Screenshot 2026-01-13 at 10.21.50 AM.pngScreenshot 2026-01-13 at 10.21.56 AM.png

topic view count 112 Views

Tags

Compliance (40)
Reply

Replies (3)

Marked SolutionPending Review
Profile photo of kylian_parker Hexnode Expert image
kylian_parker
Hexnode Expert
3 weeks ago Jan 23, 2026
Marked SolutionPending Review

@jiggieman to answer the first question, you don’t need to create a Dynamic Group for this use case. The recommended approach is to configure an automation under the Automate tab, which allows you to automatically deploy policies to newly enrolled devicesHere, you can set an enrollment-based trigger that will cause the policy to be associated every time a new device enrolls in the portal. You can configure this by following the steps below, 

  1. In the Hexnode portal, go to Automate > Active Automations. 

  1. Click on New Automation and then select New Automation > macOS. 

  1. In Actions, select the action Associate Policy under Policy. Choose your policy from the list. 

  1. In Settings and Schedule, set the Trigger setting to Activity. Under Initiate > Enrollment, select Device Enrollment. 

  1. In the next steps, you can configure any filters if needed, and then review the automation settings and save them.

Regarding your second question, it is currently not possible to create a dynamic group to identify users with an invalid or broken FileVault recovery key. However, you can generate a custom report under the Reports tab, where you can view the FileVault recovery key of the users with FileVault enabled. If the recovery key is faulty or not retrievable, as in your case, it would show up as N/A in the corresponding column displaying the FileVault recovery keys. This way, you can identify the users with “faulty” FileVault recovery keys.  

Let me know if you have any other questions–happy to help! 

Marked SolutionPending Review
Profile photo of jiggieman Novice image
jiggieman
Participant
16 hours ago Feb 10, 2026
Marked SolutionPending Review

I guess this workaround would do.. 

Marked SolutionPending Review
Profile photo of kylian_parker Hexnode Expert image
kylian_parker
Hexnode Expert
16 hours ago Feb 10, 2026
Marked SolutionPending Review

@jiggieman , glad it worked!

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
1840 pts
Profile photo of timo-liam Veteran image
timo-liam
1280 pts
Profile photo of leo_scott Novice image
leo_scott
1177 pts
Profile photo of eliiza Novice image
eliza
1097 pts
Profile photo of boris Veteran image
boris
1089 pts
View all

Popular Tags

ABM (51)
Android (441)
iOS (351)
macOS (462)
Windows (316)
Apple TV (32)
App Management (341)
Enrollment (99)
Location (28)
Kiosk (209)
Scripts (87)
ADE (47)
OS Updates (78)
Android Enterprise (132)
View all