cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Targeting different intune policies to different devices for the same users.

Robert Moir
Copper Contributor

‎Feb 15 2019 01:08 AM

‎Feb 15 2019 01:08 AM

Targeting different intune policies to different devices for the same users.

Hi all,

I'm looking at deploying Intune Standalone as a migration from SCCM Hybrid Intune and I'm looking to improve user experience while I can.

 

Talking about iOS devices here, we have users who might potentially have a corporate iOS device (which hasn't been set up through DEP) that has been configured by our helpdesk as if it was a personal device and handed to the user, and a personal device which they've self-enrolled. We'd like the user to get different polices depending on whether or not they're using a personal device or a corporate device.

 

Are there any options here? From what I understand, I can't target a user group for the corporate policy and then set an exclude for a device group containing their BYOD device.

 

Is our only option to implement DEP Then use dynamic group memberships? Is there something dumb I'm missing? Appreciate any thoughts.

Labels:
4,705 Views
0 Likes
5 Replies
Reply
5 Replies
best response confirmed by Robert Moir (Copper Contributor)

‎Feb 15 2019 02:39 AM

‎Feb 15 2019 02:39 AM

Solution

Re: Targeting different intune policies to different devices for the same users.

Hi Robert,

 

wouldn't it be a possibility to use dynamic groups yet?

In my case we donÄt use DEP oder Android Zero Touch.

The users can enroll their devices by their own. In the enrollment process they choose a device type (BYOD or COPE/CORP).

I've set up a dynamic group like this: 

e.g.

 

Name: Intune_BYOD_Devices_IOS

Rule: (device.deviceOSType -eq "iPad") -or (device.deviceOSType -eq "iPhone") -and (device.deviceCategory -eq "BYOD")

 

or for Android:

Rule: (device.deviceOSType -eq "Android") -and (device.deviceCategory -eq "BYOD")

 

Be carefull: The OS Type for iOS Devices isn't "iOS" (Strange, i know).

It is "iPad" and "iPhone".

With the device.devicecategory you can distinguish BYOD and CORP or the types you have. (BYOD is just a string i used. If you use "Company Device" you have to use this string in the dynamic rule.

1 Like
Reply
Robert Moir

‎Feb 15 2019 02:46 AM

‎Feb 15 2019 02:46 AM

Re: Targeting different intune policies to different devices for the same users.

Thank you for your response Patrick, I was looking at this already and I'm delighted to see someone using it and confirming it should work. I think the longer term answer here for me is to implement DEP but with your validation that it works I think Device Categories feeding Dynamic Device Groups is a good solution for now.
0 Likes
Reply

‎Feb 15 2019 02:48 AM

‎Feb 15 2019 02:48 AM

Re: Targeting different intune policies to different devices for the same users.

This works very well for me.
The only negative aspect is, that it needs some time before the dynamic group is updated, after a device is enrolled.
0 Likes
Reply
PatrickF11

‎Apr 17 2019 10:57 PM

‎Apr 17 2019 10:57 PM

Re: Targeting different intune policies to different devices for the same users.

Just a short response, because of a new Techcommunity Account. :) [Ignore me]

0 Likes
Reply
PatrickF11

‎Apr 17 2019 11:01 PM

‎Apr 17 2019 11:01 PM

Re: Targeting different intune policies to different devices for the same users.

Because of a new techcommunity account, this is just a short response to follow up the thread. :)
0 Likes
Reply