Forum Discussion
Device Configuration Profile Exclusion Group Not Working
Hi,
All devices is a virtual device group. So you can use an azure device group as an exclusions.
are those devices with the non applicable status already rebooted?
did you set the config via Intune or gpo? Are the kiosk device ad joined/azure joined or standalone?
Kind regards,
René
Mr_Helaas They are AAD joined devices, and should not be getting any policies from the on-prem AD. The only thing the on-prem AD is really managing are systems that can't be AAD joined, and the initial hosting and creation of user accounts. Then they are synced to AAD where they are actually used (no idea why it was set up this way, one of the things I'm trying to fix).
I wrote a script for all of the kiosks to run on logon, and while I was setting them up I repeatedly rebooted them while in the exclusion group, with no real luck.
The config is setup through Intune. I only mention the on-prem just in case there could be some strange interference, but it isn't managing anything on the devices. I also tend to use the on-prem terminology for things being done in Intune, simply because I'm so much more used to that terminology. So I'm very sorry for any possible confusion there.
Another bit of oddity, is that one of the three devices actually getting the non-applicable status keeps changing. What I mean is, two of them have remained in the non-applicable status for that device config profile. The third has changed between a few different devices in that same group, never remaining the same device for more than a few hours. I don't understand why all of them aren't showing in the config as non-applicable. I've also run an Intune sync on all of the devices, on multiple occasions thinking that would help. It didn't.
