Forum Discussion

David Bargna's avatar
David Bargna
Iron Contributor
Dec 06, 2023

policy sets, assignment,processing rules. Best Practise

we are migrating from SCCM to intune and have created quite a lot of configuration policies which we assign individually. This is a little tiresome to maintain when we need to modify assignments on multiple policies. We then learnt about policy sets - which seem perfect. We cant find any docs about how the assignments work and how the sets are processed. 

 

so say for example we have this policy set which contains 3 policies, and the below assignment.

 

Policy_Set1

  • CP_setting1 : All Devices
  • CP_setting2 : All Devices
  • CP_setting3 : All Devices, except Kiosk

Policy_Set1:Assignment : Include All Devices, exclude Kiosk

 

how does the policy processing on the client work? does it first goto the policy set and apply the contents to the assigned devices, ignoring the individual assignments?

 

so in the above example I would expect DeviceA to receive all of the settings above, and the KIOSK to receive non of the settings.

 

Once he policy set is processed are the individual polices then processed? would our KIOSK then receive the policies which are applied to All Devices - even though the policy set excludes these?

 

Is it best practise to no have any individual assignment on a policy if it is part of a policy set?

 

 

 

 

 

 

 

 

 

 

  • LeonPavesic's avatar
    LeonPavesic
    Silver Contributor

    Hi David Bargna,

    In your given example, the policy set named Policy_Set1 is assigned to All Devices excluding Kiosk. This implies that all policies within the set (CP_setting1, CP_setting2, CP_setting3) will be applied to all devices except those designated as Kiosk. The individual assignments of policies within the set are overridden by the policy set assignment.

    In this scenario, DeviceA would receive settings from CP_setting1, CP_setting2, and CP_setting3, while the Kiosk device would not receive any of these settings due to the exclusion at the policy set level. Importantly, after the policy set is processed, individual policies are not separately processed for excluded devices.

    Best practices suggest managing assignments at the policy set level when a policy is part of a set, reducing confusion and ensuring policies are applied as intended.

    Policy sets - Microsoft Intune | Microsoft Learn

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

Resources