Forum Discussion

stromnessian's avatar
stromnessian
Brass Contributor
Aug 15, 2020

Deploy app to compliant devices only

I'm probably missing something obvious, but I was wondering how I could deploy an app or configuration profile and limit it to compliant devices.  Conditional access obviously isn't the solution as it's only for accessing cloud apps.  I guess a dynamic group wouldn't work either as it'd require Intune enrollment to get the compliance data.  Any ideas?

  • Moe_Kinani's avatar
    Moe_Kinani
    Bronze Contributor
    Hi stromnessian,

    I thought Non-compliant devices will not receive apps or config policies from Intune anyways, do you see different experience?


    Moe
    • stromnessian's avatar
      stromnessian
      Brass Contributor

      Moe_Kinani yes, non-compliant devices receive apps/config profiles the same as compliant ones do.

       

      Regards

      Keith 

      • eglockling's avatar
        eglockling
        Steel Contributor

        stromnessian  Doesn't the device need to enroll with Intune to be identified as compliant/non-compliant? You're right about not being able to use Dynamic AAD group though, because device compliance is not an available Property for creating the dynamic membership rule.

Resources