Forum Discussion
Intune Device configuration Device Restrictions Policy
In Our Environment we have one requirement We have Policy which will block all the user control ( USB,Time Zone Change) and we have requirement to exclude few users to allow time zone change . In...
Create 2 policies
Create a dynamic group based on enrollment profile
Create an 'exception' group for your less restricted people
Policy A
Dynamic Group - Include
Exception Group - Exclude
Policy B
Exceotion Group - Include
Policy B will need to get all of the policy settings as Policy A minus the exclusions.
Correct on your last point. You cannot 'layer' policies in Intune like GPO's.
There is another more complex option where you set a 'baseline' policy that has your settings that wil never change and then create multiple policies for each individual setting. This is terrible to try and manage as you get more and more outliers. I simply started with a policy names iOS - Configuration Policy - Baseline. In your case above, i would then create a nre policy called iOS Configuration Policy - Allow USB_TimeZone and do the include / exclude as described above.
Create a dynamic group based on enrollment profile
Create an 'exception' group for your less restricted people
Policy A
Dynamic Group - Include
Exception Group - Exclude
Policy B
Exceotion Group - Include
Policy B will need to get all of the policy settings as Policy A minus the exclusions.
Correct on your last point. You cannot 'layer' policies in Intune like GPO's.
There is another more complex option where you set a 'baseline' policy that has your settings that wil never change and then create multiple policies for each individual setting. This is terrible to try and manage as you get more and more outliers. I simply started with a policy names iOS - Configuration Policy - Baseline. In your case above, i would then create a nre policy called iOS Configuration Policy - Allow USB_TimeZone and do the include / exclude as described above.