none
Device Policy user exclusion

    Question

  • If a policy is pushed down to a device how do we get a user to be exuded from this policy? If it you can't what take precedence a user policy or device? We want policies to be pushed to device to lock it down however we need administrators to not be effected by it.
    Thursday, May 16, 2019 1:40 PM

All replies

  • Hi phretbuzz,

    Please understand that we cannot assign policy to device type but exclude user type. When you exclude groups, only users, or only device groups (not a mixture of groups) from an assignment, Intune doesn't look at user-to-device relationships. Including user groups while excluding device groups may not get the results you expect. When using mixed groups, or if there are other conflicts, inclusion takes precedence over exclusion.

    Reference: https://docs.microsoft.com/en-us/intune/device-profile-assign#exclude-groups-from-a-profile-assignment

    As a workaround, we can assign this policy to all the users that login this device and exclude the admin user to be applied this policy.

    Best regards,

    Cici


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 17, 2019 6:54 AM