application Assignment (SG) to application


Folks,

Newbie to Intune, question about assigning applications to a security group. I have AAD-joined devices and AAD users. Windows device enrollment (automatic enrollment) is for a group called 'Intune_Enrollment', which has user 'Miller' in that group.

I have another application group called "Intune_Applications"; applications are assigned to this group.

I have added the user (Miller) to that group, but when the user logs in, Company Portal has no applications?

Do I need to encapsulate the group (so add Intune_Applications to the 'Intune_Enrollment' group)? What is the best way to manage applications in Intune? There is no on-premises AD; everything is in the cloud.

6 Replies
The applications group doesn't need to be a part of the enrollment group.
You just need to make sure that the user is in both groups.
As long as that is the case, you are golden.

If you go to devicemanagement.microsoft.com - devices - check your device
& then the managed apps section. Do you need the app you deployed there?

Hi Orion,

Try to scope the PC, not the user, but make sure the PC shows Compliant under devices.

Thanks!
Moe

I will take a look and test after this weekend. Thanks for the suggestion.

Hi Moe_Kinani, would you give a little more detail about your scoping to devices, not users?

Hi Orion,

Create a new security group in Azure AD (call it Company Portal, for example) and add the workstations as members of that group. Then scope the security group under the application. Make sure the PC is MDM in Intune and shows Compliant.

Let me know if you have any questions!

Mahmood

Don't like this solution because this means a user doesn't have the same applications across computers.

If this is needed, scoping to users is the easiest.
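
To check the condition the replies above turn on (whether an app's assignment actually reaches the user), this added example, which is not code from any poster in the thread, lists every Intune app assignment and marks whether it targets a group the user belongs to directly or through nesting. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account can consent to the read scopes shown; the UPN is a placeholder.

```powershell
param(
    [string]$UserUpn = 'miller@contoso.example'   # placeholder UPN, not from the thread
)

Connect-MgGraph -Scopes 'User.Read.All','Group.Read.All','DeviceManagementApps.Read.All' | Out-Null
$base = 'https://graph.microsoft.com/v1.0'

function Get-GraphPages([string]$Uri) {
    # Follow @odata.nextLink so results are not silently truncated.
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

# Transitive membership covers nested groups as well as direct membership.
$userGroups = @{}
Get-GraphPages "$base/users/$UserUpn/transitiveMemberOf?`$select=id,displayName" |
    ForEach-Object { $userGroups[$_.id] = $_.displayName }

$report = Get-GraphPages "$base/deviceAppManagement/mobileApps?`$expand=assignments" |
    ForEach-Object {
        $app = $_
        foreach ($a in $app.assignments) {
            $type = $a.target.'@odata.type' -replace '^#microsoft\.graph\.', ''
            $gid  = $a.target.groupId
            # An include-group target reaches the user only if the user is in that group.
            $reaches = switch ($type) {
                'allLicensedUsersAssignmentTarget' { $true }
                'groupAssignmentTarget'            { [bool]($gid -and $userGroups.ContainsKey($gid)) }
                default                            { $false }  # device-wide or exclusion targets
            }
            [pscustomobject]@{
                App         = $app.displayName
                Intent      = $a.intent          # available, required, uninstall, ...
                TargetType  = $type
                GroupId     = $gid
                GroupName   = if ($gid) { $userGroups[$gid] } else { $null }
                ReachesUser = $reaches
            }
        }
    }

$report | Sort-Object App | Format-Table -AutoSize
```

A row with `ReachesUser` false and a `GroupId` set means the assignment targets a group the user is not in, for example a device group as suggested in one reply; membership of that group has to be checked against the device object instead.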