Automate security group membership based on device hardware, software, vulnerabilities, and other inventory data
I absolutely love the SCCM Operational collections from System Center Dudes, and while Intune has a different design that negates the need for scoping collections, there are still many scenarios that are helpful to have for targeting.
https://www.systemcenterdudes.com/create-operational-sccm-collection-using-powershell-script/
This solution provides a set of scripts to help you maintain group membership using data available in Graph API and optionally collect device inventory data in Log Analytics and use that as well. This might be OS, applications, vulnerabilities, etc., but it can be extended to just about anything you might want to collect using Remediations.