Event banner

Policy management with Microsoft Intune

Event Ended
Tuesday, Oct 25, 2022, 07:30 AM PDT
Online

Event details

You’ve seen all the exciting Microsoft Intune policy news at Microsoft Ignite, now it’s time to go deeper. Come join Julia and Mike as we share our top five Intune policy tips and tricks to help keep...
Heather_Poulsen
Updated Dec 27, 2024
Technical Takeoff
JEngel05's avatar
JEngel05
Brass Contributor
Oct 25, 2022

Just some feedback around policy... When applying it the first time, it works great. The large settings catalog is amazing. The GPO analytics to convert to policy saves a lot of time migrating... However, anytime you have to change applied policies or revert them, it becomes a VERY inconsistent experience. Sometimes it may undo the change, sometimes it may tattoo, sometimes a non-tattooing policy just may feel like not reverting depending on the device. The last thing I want to tell management if I ever have to revert a policy change is that MAYBE it will revert, Maybe it won't. It depends on how the device is feeling that day....

We really need a better way to identify which policy settings will actually tattoo, or even better yet have none of them tattoo so whatever is set in the policy will be set on the device. Or if there is a way to identify which will tattoo now, I would love to know.

I feel like as Intune policy gets as old as GPO, people are going to end up with a mess of random policies that were created just to overwrite tattooing settings. A web of included/excluded settings.

  • Mike-Danoski's avatar
    Mike-Danoski
    Icon for Microsoft rankMicrosoft
    Oct 26, 2022
    Hi James, thank you for the feedback. Where I've seen this is where we don't have a default for a setting, so the setting doesn't have something to fall back to. When a setting is removed from a policy or unassigned, we send a remove command for that CSP node that is acted on at a per-setting basis. Many times, the setting state stays the same, but the enforcement is removed. E.g. if a 20-digit pin is reduced to 6, we won't tell the user to change the pin but the next time they change it they can reduce it if they like. Can you please share some examples of setting types you've experienced tattooing so we can make some improvements?
  • EricOhlin's avatar
    EricOhlin
    Iron Contributor
    Oct 25, 2022
    Well said, James!
  • HeyHey16K's avatar
    HeyHey16K
    Iron Contributor
    Oct 25, 2022
    Agree with this - we've had lots of problems undoing Intune policies too
    • DaneaGalbraith's avatar
      DaneaGalbraith
      Iron Contributor
      Oct 25, 2022
      I have had to assign the same group as an exclusion and that only works some of the time.
    • DaneaGalbraith's avatar
      DaneaGalbraith
      Iron Contributor
      Oct 25, 2022
      I have had to assign the same group as an exclusion and that only works some of the time.
Date and Time
Oct 25, 20227:30 AM - 8:00 AM PDT