Forum Discussion

Lynn Towle's avatar
Lynn Towle
Iron Contributor
Mar 27, 2019

Windows 10 Policies: Apply to user or device?

We are slowly working from moving from the PC Agent to MDM. There are still a few issues with MDM for Windows 10 and shared computers, but nevertheless, MDM is going to be where the future is headed.

 

I know there really isn't a hard and fast rule on whether you should apply a policy to a device or a user, but am wondering how other people out in the field are applying their policies. Has anyone come up with a best practices on which policies should be applied per user/per device? I know that every company has different requirements, but just curious if there is a little better guidance on this.

    • Lynn Towle's avatar
      Lynn Towle
      Iron Contributor

      sbuccimsftShared devices are my single biggest concern, but also trying to get non shared devices enrolled in MDM also.

       

      We have about 300 Win 10 devices that are shared and hybrid joined. Deciding how we are going to manage those devices with Intune has been an ongoing discussion for the last few years. DEM? Bulk? Unfortunately there isn't an easy answer for that question. Each deployment method has different capabilities when it comes to Intune management, especially when talking about non-admin users and application deployment, configuration and other types of profiles needing to be targeted to those users.

       

      That's why we've stuck with the PC agent for this long, it's simple, doesn't require a ton of management and while doesn't do everything we want, it gives us some fairly important functionality.

Resources