config profiles "fragmentation"? yay or nay?

MaxMorsia 

The approach you describe sounds okay, since you're doing it with deliberate intent per the group requirements around screen lock/password. A new admin might not see the correlation right off the bat and wonder why there's multiple policies, until it's explained or documented properly; that's the only aspect which might be unclear until the policy settings are examined to identify the differences. As long as changes aren't made to the ones "Not Configured" which would introduce a conflict, it's fine.

In contrast, doing two fully complete policy sets solves for the above problem in that it's clearer at first glance and no overlap, but at the tradeoff of being a bit redundant. I would choose this approach if the expectation is that some other admin will be managing/maintaining it in the future, because they might not be aware of the subtle logic behind the other approach. But if it's just you, either is valid.

Please like or mark this thread as answered if it's helpful, thanks!