I'm looking for some guidance on the best practice setup when dealing with multiple restriction policies for multiple user groups. Should I be creating complete restriction policies for each department, or am I better off creating a single, overarching restriction policy for my organization and then creating more targeted restriction policies if I need to modify specific settings for specific departments? How is it determined which restriction policy would take precedence if they contain conflicting settings?
In general there is no precedence for same device configuration settings, this will result in conflicting setting and the setting is dropped/not applied. So user groups or departments should be target of only one configuration policy which defines all needed settings. Global settings can be set by a global one but can't be overwritten so they must be really global.
See official documentation for this here:
If multiple policies are assigned to the same user or device, how do I know which settings gets applied?