SOLVED

Curious question here: New environment

I have worked with Intune previously and am used to setting up device groups for the separate types (Android, iOS, etc.). However, at the new job, in their POC, they have all policies for all device types on one master device group. This seems too good to be true, IMHO.

Not sure why I am under this impression; however, I thought that the category, device group membership and group assignment were how the devices knew what policies to apply. However, if I have one master device group with all "personally owned devices" as members, will they (the devices) only apply the relevant policies? I.e., will the Androids only get the Android policies, and iOS their own, etc.?

I plan to prove it out first; however, I wanted to ask the community for input.

Thoughts?

Sincerely,

David M

 

3 Replies
best response confirmed by David_M1840 (New Contributor)
Solution

@David_M1840 

 

Hi David,

If I got this right, I believe you can have one master device group along with device filters, so when you create the policies and add the master group to the assignment, you can further target this to the specific device filter (inclusion or exclusion).

Ideally you have to create your filters first from MEM > Tenant Administration > Filters.

Filters are dynamically applied to your devices and you can set filters for specific platforms (iOS / Android / Windows).

Once the filters are ready, set them when you are assigning the device policies to the master group.

 

Please check this for more about device filters - How To Create and Usages of Microsoft Endpoint Manager (MEM) Device Filters – Shehan Perera:[techBlo...

 

Hope this helps.

Thank you.

**If you think my answer is valid, please Accept it as the solution. Thank you**

 

Hi @David_M1840,

 

Scott Duffey has written a Microsoft doc about best practices and how to assign policies and which method should be used: Intune grouping, targeting, and filtering: recommendations for best performance - Microsoft Tech Com...

Within Intune you have on almost all policies the option to assign to all devices. That doesn't mean that the policy will be applied on all devices, but only to all devices of the profile type. So if you create a Windows policy and set the assignment to all devices, all Windows devices will get that policy.

If you create a master group for all personally owned devices, the policy will only be applied to devices of the policy type, and they must be marked as personal within Intune.

 

If you look at the best practices, you have made a good decision. 

 

Kind regards, 

 

Rene

Thank you Rene! Good info.
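
The targeting behaviour described in the replies above (platform-matched policies plus include/exclude filters on one master group), as an added example that is not part of the thread. It is a simplified Python model, not Intune's evaluation engine; the group, policy and device names are constructed.

```python
# Simplified model of assignment evaluation (an assumption for illustration,
# not Intune's actual engine). All group, policy and device names are constructed.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Device:
    name: str
    platform: str        # "android" | "ios" | "windows"
    ownership: str       # "personal" | "corporate"
    groups: frozenset

@dataclass(frozen=True)
class Assignment:
    policy: str
    platform: str        # platform the policy was created for
    group: str
    filter_rule: Optional[Callable[[Device], bool]] = None
    filter_mode: str = "include"   # "include" | "exclude"

def applies(a: Assignment, d: Device) -> bool:
    if a.group not in d.groups:    # device is not in the assigned group
        return False
    if a.platform != d.platform:   # policy type does not match the device
        return False
    if a.filter_rule is None:      # no filter: group + platform is enough
        return True
    matched = a.filter_rule(d)
    return matched if a.filter_mode == "include" else not matched

def effective_policies(d, assignments):
    return sorted(a.policy for a in assignments if applies(a, d))

MASTER = "BYOD-Master"
is_personal = lambda d: d.ownership == "personal"
ASSIGNMENTS = [
    Assignment("Android compliance", "android", MASTER),
    Assignment("iOS compliance", "ios", MASTER),
    Assignment("Windows compliance", "windows", MASTER),
    Assignment("iOS BYOD restrictions", "ios", MASTER, is_personal, "include"),
    Assignment("Android corporate Wi-Fi", "android", MASTER, is_personal, "exclude"),
]
DEVICES = {d.name: d for d in [
    Device("pixel-7", "android", "personal", frozenset({MASTER})),
    Device("iphone-14", "ios", "personal", frozenset({MASTER})),
    Device("ipad-corp", "ios", "corporate", frozenset({MASTER})),  # misplaced member
    Device("surface-x", "windows", "personal", frozenset({"Other"})),
]}
if __name__ == "__main__":
    for d in DEVICES.values():
        print(f"{d.name:10} -> {effective_policies(d, ASSIGNMENTS)}")
```

The `ipad-corp` entry shows why the ownership filter matters: a corporate device that ends up in the master group still receives the unfiltered iOS policy, but not the one filtered to personal devices.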