Jul 07 2022 06:55 PM
Hi
I need to set different policies for our staff and managers in the company, for managing their iPhones/iPads.
I created two Policy sets with different configuration profiles and compliance policies,
and assign one of the policy sets to the staff group and the other one to the Managers group,
then I added users from Azure into each group, but it's not working when I install the profile!
I am wondering how can I set different policy sets for 2 groups of users and assign them to the same profile and install them on the Apple devices?
Jul 08 2022 02:44 AM
Hello @Oemgroup ,
Are those devices enrolled to Intune MDM?
Is there a chance that you are trying to deploy MDM policies to MAM devices?
Jul 08 2022 08:45 AM
Jul 11 2022 07:34 AM
Jul 11 2022 06:03 PM
Jul 11 2022 06:06 PM
Jul 11 2022 08:05 PM
Jul 12 2022 12:50 AM - edited Jul 12 2022 12:51 AM
SolutionSo, to make sure I understand you correctly (just making things up here, it's about the structure and most how things are assigned).
Policy Set "Manager"
Assigned to the virtual "All devices" group.
Policy Set "Staff"
Assigned to the virtual "All devices" group.
You are already assigning the Configuration Profiles and Compliance Policies to the groups directly (which answers my question ).
I don't think you even need Policy Sets right now, so I suggest you remove them from the equation to reduce complexity. As you already removed the separate items from the Policy Sets and they're still not working, start troubleshooting them one by one, starting with the most simple setup.
Finally, just a little afterthought: are you sure your Apple devices are enrolled with user affinity? If not, you can't assign anything to users.
Jul 14 2022 07:59 PM - edited Jul 14 2022 08:33 PM
Thank you @NielsScheffers
all devices are enrolled without user affinity,
I did remove Policy sets, created 2 groups of devices, and add related devices to each group by setting Dynamic membership rules and using Device Category to rules, then create and assigned:
When I check enrolled devices on the endpoint device properly, Device compliance and Device configuration are set up correctly for each group, the only thing is: that all policies are not been applied to phones after more than 24 hours!
from every phone setting> profile management > restriction, there aren't some of the policies that I identified! and on the endpoint just show them as Not applicable!
Jul 14 2022 11:39 PM
Jul 15 2022 01:06 AM
Jul 12 2022 12:50 AM - edited Jul 12 2022 12:51 AM
SolutionSo, to make sure I understand you correctly (just making things up here, it's about the structure and most how things are assigned).
Policy Set "Manager"
Assigned to the virtual "All devices" group.
Policy Set "Staff"
Assigned to the virtual "All devices" group.
You are already assigning the Configuration Profiles and Compliance Policies to the groups directly (which answers my question ).
I don't think you even need Policy Sets right now, so I suggest you remove them from the equation to reduce complexity. As you already removed the separate items from the Policy Sets and they're still not working, start troubleshooting them one by one, starting with the most simple setup.
Finally, just a little afterthought: are you sure your Apple devices are enrolled with user affinity? If not, you can't assign anything to users.