Apr 27 2022 03:54 PM - edited Apr 27 2022 03:56 PM
What else can be a great feature in Microsoft Endpoint Manager other than bundling up all the policies and create that “Golden Image” type policy and assign it to the Device or User groups so from an Administrators perspective, you don’t need to individually assign groups in to policies and apps and managing this will be super easy. A great MEM function which is still in Preview though, but I already see great benefits as well as some caveats using it.
Most of the organizations when they move from SCCM or from their current management solution to MEM/ Intune, they look for similarities so things can be managed without an additional hassle. In a world where you don’t have MEM Policy Sets feature, you would have apps – each app assigned to a group, device profiles – each one assigned to group/s, Compliance policies – each one assigned to group/s etc. It is an overwhelming task to make sure every policy that’s created, every app that has been added has been assigned to the group/s etc.
The main usage of Policy Sets is very simple to understand. It’s basically bundling up the policies, apps, configuration profiles etc. in one place and from that point onwards, if you have your set of users/ devices that needs to be assigned to those, rather than going to each policy and assigning them, you can go other way round. Assigning the Policy Set to the group/s. Also this is a great feature to set up that SOE level and maintain it as one single entity. You always have the ability to do modifications as you go.
As an example, you can maintain 3 policies for Windows, iOS and Android devices which are manages by MEM.
At this stage, below are available to configure in Policy Sets
Microsoft have already identified some known issues with Policy Sets which is basically stopping the administrators to think twice before using it.
In high level,
Even in this form, the goal of creating that Super Policy and add all the policies and Apps that needs to go in and then assigning groups (Device or User) is bit dicey as if you assign a device group to the Policy Set object, the underlying policies that needs to be assigned to a user policy will not work. So to overcome this you would introduce chaos by direct assigned policies which are not a part of the policy set.
According to Microsoft documentation, below are the Policy sets issues new to version1910
I believe Policy Sets are still in Preview because of this situation as they have these known issues than the usages. Everyone’s requirement is not he same and If you can tackle the caveats, you can still use the Policy Sets, but since this is out there for a while now and because Microsoft has identified the issues, they may working on a better version of this that we call can use without any hesitation.
Pros and Cons of Using Microsoft Endpoint Manager Policy Sets Feature – Shehan Perera:[techBlog]