Forum Discussion
Unsanctioned to all, exclude to some
Dear reader, I have configured the asset rules en device tagging. I need to deploy certain apps as unsanctioned to all W11 devices and exclude the same apps to certain devices who have a dev...
Hi AWulle,
I faced the same issue. Unfortunately, the only way to exclude certain devices is by using a Device Group, and the challenge here is that a single device can only belong to one Device Group at a time (either the WIN11 Device Group or the Exclude Group in your case). What other policies are currently applied to your WIN11 Device Group? Could you apply those same policies to the Exclusion Group as well? That's what we did when we had a similar exclusion scenario.
Hi Matej,
Thank you for your response. Web content filtering is another policy where I am encountering challenges due to the need to create exceptions for specific departments or device groups.
I'm glad I didn't overlook anything, as this is indeed how defender works. Personally, I find it to be a shortcoming.
Thank you for your response. Web content filtering is another policy where I am encountering challenges due to the need to create exceptions for specific departments or device groups.
I'm glad I didn't overlook anything, as this is indeed how defender works. Personally, I find it to be a shortcoming.