cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Users Group vs Devices Group use cases

sumo83
Brass Contributor

‎Oct 23 2023 05:51 AM

‎Oct 23 2023 05:51 AM

Users Group vs Devices Group use cases

Hi...

 

It is a bit basic but I've been always confused a bit about when is the best to use users group or devices group when dealing with Intune.. 

 

I use intune in our company for:

  • Apps deployment
  • Security policy 
  • Configuration profiles
  • Endpoint Security
  • Widows Updates

 

I always use "users" when assigning policies/profiles.... but not sure whether it would be better to use DEVICES?  

 

Each user has its own device.... Rarely, some user needs to use colleague's laptop so uses his own credentials for that laptop as well... I am wondering - when I point all the above to users, lets say Apps - will it push MSI apps, Microsoft Store apps, etc to his profile even if there are already apps installed under the colleagues profile?

 

Also, lets say that I will push bitlocker enablement via Intune - will it have any impact if a user will log in to a colleague's laptop with bitlocker already enabled?

Labels:
424 Views
0 Likes
2 Replies
Reply
2 Replies
eliekarkafy

‎Oct 23 2023 08:36 AM

‎Oct 23 2023 08:36 AM

Re: Users Group vs Devices Group use cases

@sumo83 simply, depends on your use case scenario. for example, if your users have multiple devices and you want to apply your setting on those users despite what devices they are using, you apply your policy on group of users. if each user has only a single device, then you apply policies on group of devices. 

 

if you apply BitLocker on device groups, devices will be encrypted despite which user is using this device. 

1 Like
Reply
JutManGraham

‎Oct 26 2023 11:37 AM

‎Oct 26 2023 11:37 AM

Re: Users Group vs Devices Group use cases

As a rule i use Device Groups for any device related policies and broad sweeping applications like Office installations which i want on every PC. User Groups i use for all of the 'one off' policies. I do quite a few 'exceptions' as well when doing these deployments which gets a little more complex. Using the Dynamic Device groups you can hit 90+ % of what you need. Then tighten the last 10% with User Groups and Exception to the broad sweeping Device groups.
1 Like
Reply