Forum Discussion
Conflicting Policy
Good question... the microsoft docs for conlficting app protection policies are a lot better. But If a compliance policy evaluates against the same setting in another compliance policy, then the most restrictive compliance policy setting applies.
So for example one... I guess the 10 characters will be used. Using 10 characters should be the most restrictive...but I am not 100% how Microsoft thinks about this one...my guess both of the policies will give remediations errors... but I need to test it to be 100% sure. But beware using a password compliance policy can give you some trouble 😛
And for example 2, it's the same... the most restrictive would win so all devices will be blocked...You will need to apply a filters or exclude on that one to rule some users out
- It would be nice if MS could show show, warn admins of conflicts like this. There are so many area's to set the same policy that it becomes a nightmare to unravel at times. Something like GPResult would be good.
Hi Lee_Barton, to add to Rudy_Ooms_MVP's reply: Compliance policy settings always have precedence over configuration profile settings. Have a look at https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot#if-multiple-policies-are-assigned-to-the-same-user-or-device-how-do-i-know-which-settings-gets-applied. Some more info there. A couple of weeks ago I did a fun presentation on security baselines, and also talked about conflicting policies. Here's the https://allthingscloud.blog/what-zombies-can-teach-you-about-security-baselines/. Hope this helps
Oktay Sari - I read your Blog post and found it very interesting and entertaining!
Thanks for taking the time to reach out, I now have a fresh insight into Endpoint Manager as a result and will be retracing my steps with regard to Configuration Policies et all.
Thanks!
Lee
