Profile Assignments Confusion


Reading Microsoft's documentation located here (Assign device profiles in Microsoft Intune - Azure | Microsoft Docs), it seems pretty clear to me that you assign profiles to devices when the settings in the profile should always follow a device and to users when the settings should always follow a user.

 

So in the case of an iOS device configuration profile for device restrictions, for example, I want the settings to follow the device, not the user. The device should always adhere to the settings in the device restrictions. Simple enough, pretty much like computer-based GPOs and Windows on-premise.

 

Given the example above, it would seem to be that targeting the assignment to "All Devices" would make more sense than a device-based group or even a dynamically built device-based group, considering the latency and delay they have when adding members.

 

My understanding is that profiles in Intune are platform specific, so if I create a device restrictions profile for iOS and assign it to "All Devices", it only targets iOS/iPadOS devices. Is this correct? Leaving me free to apply profiles that I want on all devices from a given platform simply by targeting "All devices" instead of a dynamic device group.

 

Is my thinking correct here? If not, why? 

1 Reply
Hi,
You could check the Microsoft docs about this topic, but you are indeed correct. If you create an iOS device configuration policy and you assign it to all devices, it will only be applied to all iOS devices.

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-assign#user-groups-vs-devic...