02-12-2018 06:17 AM
02-12-2018 06:17 AM
We're about to migrate from MobileIron to Intune and I've been building the service ready for our users.
In MobileIron, we previously had different policies and configurations for users based upon dynamic groups (labels) that filtered on both user and device attributes e.g. user is in xxx AD group and has an iOS device with DEP enabled.
Currently I can't see how this can be achieved in Intune. Would I have to use nested Dynamic groups (if this is supported) to segregate by device attribute, and then from that group by user attribute? Or do I need to rethink about how we're applying configurations and policies?
Secondly, we have subsets of users that need slightly different policies (such as VIPs, or users with specialist devices). Are we able to prioritise policies/configurations so that, if 2 are pushed to the same device, one is given priority over the other, or do I need to figure a way to separate them out from the 'main' group? The only way I can think of doing this is, again, create a dynamic group that says "everyone with xxx AD group", and then create a second dynamic group which is "everyone not already in that other dynamic group". Would this be the ideal solution?
Any help or insight with this would be hugely appreciated.
02-15-2018 02:17 PMSolution
you will need to come up with a different strategy how to assign configurations. As of now there is no way to build a query like person x not member in group y.
The way Microsoft is thinking about the Intune assignments are user centric. So a VIP group will get different settings and is not member of the broad employee group for example. This leads to separation in the end. Your example of user has iOS and DEP is also not directly addressable. We can't mix user and device attributes. We would assign a policy to a user group and if the user has an Android all iOS device policies would be marked as "not applicable". If the user now enrolls a iOS device the iOS policies would apply. Makes sense?
Certainly not the flexibility you may be familiar with MobileIron, but that's how it is.
02-16-2018 01:53 AM
by wangjueliang on May 22, 2020
by Luke_SM on April 06, 2020
by Stuart King on January 21, 2020
by Intune Support Team on May 14, 2020
by Mayunk Jain on April 07, 2020