To add or exclude devices from a collection, you can use one of the following methods: queries, device category rules, inclusion or exclusion rules, or by directly adding individual computers. We typically use the direct, query and include/exclude collections rules which will be explained in this article.
Query Rule
Query rules in SCCM dynamically add devices to a collection group based on criteria defined using WQL queries. They automatically update collection membership as device attributes change. See https://learn.microsoft.com/en-us/windows/win32/wmisdk/querying-with-wql and https://learn.microsoft.com/en-us/windows/win32/wmisdk/wql-sql-for-wmi for more details.
Rule example to find an AD group: "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "MOPT_NT\\{groupname}"" - ensure if you copy this you replace the {groupname} with the actual AD group name. See linked article for more examples and references.
Direct Rule
Add the computer directly to the group via the Create Direct Membership Rule Wizard. Within this wizard you can specify a computer name to add to the group.
Include Collections
Specify other device collections to be included as members of this collection. This is useful when you want to combine existing collections into a larger collection for simplified management or deployment.
For example, if you have separate collections for "Joel testing" and "Nik testing," you can include both in a broader "All testing" collection. This ensures any device added to the included collections automatically appears in the parent collection.
Exclude Collections
Specify other device collections to exclude from this collection. This is useful when you want to prevent devices in an existing collection from being included, such as when managing separate groups for production and testing.
For example, if you have an "App | Production" collection, you can exclude the "App | Update" collection to ensure devices in the update group are not included in the production group.