I agree with the filtering point also. If I target all devices and use a filter to make an application required, then later decide that a specific group of devices should have the same application available instead, that approach does not work as expected because those devices could already excluded by the filter logic. My main takeaway from this is that naming conventions and planning are critical when setting up Intune. A clear structure from the beginning helps avoid assignment conflicts and makes future changes much easier

I love to use dynamic device groups just as you mentioned for being able to do autopilot setups more easy. But with multiple departments with different needs this was a bit of a hassle to build dynamic device groups to my needs. So I ended up on creating a logic app that checks a dynamic user group and then adds or removes devices to a device group based on user membership of this user group. 

Not sure on how you othe peolpe do this?

To answer the training question: a lot of techs would like to have a test/demo environment to learn and try intune things inside. Many people lile to learn in a hands on way.

Could you provide training, and step by step content to show how to set one up? Or provide a full test environment with test VMs to act as test devices? 

Tell us about Windows Hello for Business. Usually I don't use the global setting under Intune > Windows > Enrollment  ....instead I have been using Intune > Endpoint Security > Account Protection to create a WHfB policy. Am I doing it the right way? I find the tenant/global setting very limited in terms of options.

Why does intune even allow us to create a conflicting policy? Couldn't the intune portal do a quick scan of other policies in the tenant and flag that there's a conflict before we can hit save? 

You say, don't use "All Devices" or "All Users" - what are the issues with exclusions if we do use them? More importantly, what do you suggest instead if we wish to target all the devices, do you recommend a Dynamic Device Group that includes all Windows Devices excluding personal devices?

Question: we really struggle maintaining anywhere close to 100% compliant devices amongst the active Windows devices in Intune across our MSP clients. Its been really difficult to confidently turn on compliance-aware CA Policies in Entra as a result. Too many things feel like they can trigger a compliance failure, even small policies conflicts triggered unexpectedly or a device update could cause a Bitlocker noncompliant device, for instance ... so how to move a little closer to 100% or at least 99% in terms of compliant devices?

Some questions for you:

• Training - We've heard that you want more of it. How should that training be conducted? Online/direct? Via ISV or distributor?
• Co-sell support - What type of support do you need? What materials or tools would help you?
• Awareness - How can we better inform you about product innovations, new opportunities, and new resources?

As an MSP, we would really love to see Intune Remediation Scripts be available with Intune Plan 1 licensing. Pay walling behind Intune P2 tosses out 95% of our client base using Business Premium. Then we can use CIPP to push script templates across tenants!

Welcome to our fifth #IntuneForMSPs Community Meetup. If you have any questions -- or ideas about topics for future meetups -- drop them here in the comments.