Forum Discussion
How to set Different Policy set for Different Apple Devices with Endpoint/InTune?
Hi
I need to set different policies for our staff and managers in the company, for managing their iPhones/iPads.
I created two Policy sets with different configuration profiles and compliance policies,
and assign one of the policy sets to the staff group and the other one to the Managers group,
then I added users from Azure into each group, but it's not working when I install the profile!
I am wondering how can I set different policy sets for 2 groups of users and assign them to the same profile and install them on the Apple devices?
So, to make sure I understand you correctly (just making things up here, it's about the structure and most how things are assigned).
Policy Set "Manager"
Assigned to the virtual "All devices" group.
- Configuration Profile "Manager"
Assigned to "Managers" ("All users") group - Compliance Policy "Manager"
Assigned to "Managers" ("All users") group
Policy Set "Staff"
Assigned to the virtual "All devices" group.
- Configuration Profile "Staff"
Assigned to "Staff" ("All users") group - Compliance Policy "Staff"
Assigned to "Staff" ("All users") group
You are already assigning the Configuration Profiles and Compliance Policies to the groups directly (which answers my question
).I don't think you even need Policy Sets right now, so I suggest you remove them from the equation to reduce complexity. As you already removed the separate items from the Policy Sets and they're still not working, start troubleshooting them one by one, starting with the most simple setup.
Finally, just a little afterthought: are you sure your Apple devices are enrolled with user affinity? If not, you can't assign anything to users.
- Configuration Profile "Manager"
10 Replies
- Can you share some more information on what does and doesn't work? For instance:
Do you see the policy set and/or its content being applied in the portal at all?
Is nothing in the set applied or are only specific policies missing?
Do the policies apply if you assign them to the groups directly (circumventing Policy Sets completely)?- Thank you for your reply,
Do you see the policy set and/or its content being applied in the portal at all?
- there aren't applied to the profile, when I install the profile and check, there is no policy set!
Is nothing in the set applied or are only specific policies missing?
- noting, actually the whole created 'Configuration profile' are not applied to the profile at all!
Do the policies apply if you assign them to the groups directly (circumventing Policy Sets completely)?
- I did create 2 groups (staff/managers) and assigned Azure users from 'All Users'
then 2 Compliance Policies (staff/managers) ->assigned each group to a related policy
and 2 Configuration profiles (staff/managers) ->assigned each group to related policy
the 1 policy set and assigned them to the Device management section,
then I add them to a policy set and assigned the policy set to all Devices.
not sure what I did wrong?
I did delete them from the policy set and test the profile, still not working,
I am wondering how can I assign them to the groups directly without the policy set?So, to make sure I understand you correctly (just making things up here, it's about the structure and most how things are assigned).
Policy Set "Manager"
Assigned to the virtual "All devices" group.
- Configuration Profile "Manager"
Assigned to "Managers" ("All users") group - Compliance Policy "Manager"
Assigned to "Managers" ("All users") group
Policy Set "Staff"
Assigned to the virtual "All devices" group.
- Configuration Profile "Staff"
Assigned to "Staff" ("All users") group - Compliance Policy "Staff"
Assigned to "Staff" ("All users") group
You are already assigning the Configuration Profiles and Compliance Policies to the groups directly (which answers my question
).I don't think you even need Policy Sets right now, so I suggest you remove them from the equation to reduce complexity. As you already removed the separate items from the Policy Sets and they're still not working, start troubleshooting them one by one, starting with the most simple setup.
Finally, just a little afterthought: are you sure your Apple devices are enrolled with user affinity? If not, you can't assign anything to users.
- Configuration Profile "Manager"
- Hi Oemgroup, can you check one single device if you can see here the assignments of the policy set.
- Hi Jannik,
I have checked that, the issue is coming from the policy set, when I defined one policy set and assigned it to all users/all devices it's fine, but when I define 2 policy sets and assigned it to 2 groups of users which one of them are managers users group ( selected some Azure's user emails) it's not working! it' means the profile is fine but the policy set hasn't added to the profile!
- Thank you for your reply,
Are those devices enrolled to Intune MDM?
yes, I have enrolled them via the profile with 2 policy sets, but there weren't the policy sets that I added to the managers group.
Is there a chance that you are trying to deploy MDM policies to MAM devices?
don't think, as it is working perfectly with one policy set.
