Device Policy user exclusion RRS feed

  • Question

  • If a policy is pushed down to a device how do we get a user to be exuded from this policy? If it you can't what take precedence a user policy or device? We want policies to be pushed to device to lock it down however we need administrators to not be effected by it.
    Thursday, May 16, 2019 1:40 PM

All replies

  • Hi phretbuzz,

    Please understand that we cannot assign policy to device type but exclude user type. When you exclude groups, only users, or only device groups (not a mixture of groups) from an assignment, Intune doesn't look at user-to-device relationships. Including user groups while excluding device groups may not get the results you expect. When using mixed groups, or if there are other conflicts, inclusion takes precedence over exclusion.


    As a workaround, we can assign this policy to all the users that login this device and exclude the admin user to be applied this policy.

    Best regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, May 17, 2019 6:54 AM