Forum Discussion
Best Practice for Multiple Configuration Policies
I'm looking for some guidance on the best practice setup when dealing with multiple restriction policies for multiple user groups. Should I be creating complete restriction policies for each department, or am I better off creating a single, overarching restriction policy for my organization and then creating more targeted restriction policies if I need to modify specific settings for specific departments? How is it determined which restriction policy would take precedence if they contain conflicting settings?
1 Reply
Hi Jason,
In general there is no precedence for same device configuration settings, this will result in conflicting setting and the setting is dropped/not applied. So user groups or departments should be target of only one configuration policy which defines all needed settings. Global settings can be set by a global one but can't be overwritten so they must be really global.
See official documentation for this here:
If multiple policies are assigned to the same user or device, how do I know which settings gets applied?
[...] If a configuration policy setting conflicts with a setting in a different configuration policy, this conflict displays in the Azure portal. In this scenario, manually resolve these conflicts.
<= that's the important sentence for configuration policies!
What happens when a profile is deleted or no longer applicable?
best,
Oliver
