Multiple profiles with differing restrictions

Copper Contributor

Hey everyone, looking some advice on whether something is possible with Intune configuration profiles.

We currently have 2 distinct profile groups of devices, one which is heavily restricted due to client requirements and 1 that has restrictions but nothing compared to the first group. These are a mixture of device configuration (including admx), settings catalog and administrative templates policies.

The devices that are heavily restricted are currently only used for client side work and are based in our offices i.e. desktops. Each of these employees has a company issued laptop that they would use for the likes of email and accessing company resources when working from home or not in the office that are blocked on the desktops.

We would like to consolidate this and have one device that they can use for client side work under 1 profile and another profile that would basically match the less restrictive profile on their laptop. The employee has 2 separate AAD accounts that they use so can be easily segregated by user groups.

My question is, can we configure it so that these 2 profiles could be applied on the same device depending on which account? The reason I ask is that some of these current configuration profiles are device level restrictions, not user level. Would the more restrictive device level restrictions superseed the less restrictive? Or would certain settings not apply and be reported as a Conflict?

3 Replies
If it's a device setting and you have the same setting (One Configuration Profile with strict settings and one with relaxed settings), they would be in conflict.

"If a configuration policy setting conflicts with a setting in another configuration policy, this conflict is shown in Intune. Manually resolve these conflicts."

It doesn't say if the first one applied wins or the most restrictive, however...
Did this help?
Any update?