Mar 23 2020 12:11 AM - edited Mar 23 2020 01:22 AM
Hi folks,
i would like to discuss your experiences with user or device profile assignment.
What specific policies are you targeting to devices? What policies are you targeting to devices?
Of course I've read through the corresponding docs.
After my experiences in the last months i prefer assigning the profiles to devices.
- I'm able to exclude devices. (e.g. IT-Staff has one corporate device and one for testing purposes)
- The workflow when using white glove seems much more logic. (The very most config is applied while white glove process.)
So i would like to hear your experiences. What are advantages / disadvantages?
Thank you in advance. :)
What Assignments do you use for App configuration policies?
Patrick
Mar 23 2020 04:29 PM
Mar 24 2020 08:01 AM
Mar 25 2020 04:52 AM
Hi,
so there is not definite answer to this, but there are some situations where it really makes sense to use device based assignments instead of user based assignments. In general user based assignments are faster applied as they can be evaluated instantly from the system. The user is always there and can have the relationship with policies/apps. Devices pop up dynamically and device groups need first to be evaluated and then after identifying a membership the Intune service backend is able to push out the configs or apps. This is normally not a problem as we often do wait long enough to allow this to happen. Example: ESP waits for device context app installs and so on. So, enough time to evaluate and send down policies, apps etc.
So, especially for configs when dealing with exceptions like shared devices it is helpful to use device assignments as you are able then to exclude the "special" cases like shared device from regular baseline policies. e.g. you like to have different device lock timeout for them.
If you go for device assignments you should be aware of some behavior, like sudden logouts or restarts, my buddy Jörgen Nilsson has documented this very well here: Autopilot, ESP and extra login/reboots (https://ccmexec.com/2020/01/autopilot-esp-and-extra-login-reboots/).
Apps is a different story, here we are dealing with company portal and available or required assignments. Here I do prefer user assignments if possible, but that's not a golden rule. Also for required deployments it can make sense to use device assignments. I've written a blog post about it here: Intune application targeting for Windows 10 Win32 apps explained (https://oliverkieselbach.com/2020/02/19/intune-application-targeting-for-windows-10-win32-apps-expla...)
best,
Oliver
Apr 07 2020 10:13 PM
@Thank you guys for your ideas regarding this topic.
I already thought there is not the one and only answer. :)
Any others feel free to answer later and discuss this with us.
Apr 09 2020 01:14 AM - edited Apr 09 2020 01:19 AM
Jun 01 2020 11:31 PM
These are exactly the questions i'm facing, too.