0

I have a number of devices enrolled in Microsoft Intune. Currently, they all share a single set of Intune configuration profiles and compliance policies; our "all employees" group has the profiles/policies assigned to it. I want to set up a new profile for testing with specific users, who are already in their own Azure AD group. Unfortunately, the settings I want to test changing are already set by the primary configuration profiles. If I create a new profile with my settings, it conflicts and nothing happens.

How can I resolve an Intune configuration profile conflict while a) being able to set and assign the test profile and b) not unassigning or unsetting options in the main profile? Is there some kind of prioritization mechanism I'm missing?

Alexander Martin
  • 125
  • 1
  • 7

1 Answers1

2

It depends on which policy types you are referring to.

In regards to Device Compliance polices, they always win vs Configuration policies and the most restrictive setting wins.

In regards to conflicts between Device Configuration policies, Intune has no conflict resolution at this time, you need to fix it manually. The main reason is because it's not easy to decide what should win due to the variety of settings.

More info here: https://docs.microsoft.com/en-us/intune/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies#if-multiple-policies-are-deployed-to-the-same-user-or-device-how-do-i-know-which-settings-are-applied

For this you would need to play around with the Group assignments if Include and Exclude.

E.G.:

Policies "Prod" assignment with:

  • Include: All Employees
  • Exclude: Test Group

Policies "Test" assignment with:

  • Include: Test Group
  • Exclude:

Still this is something that needs to be very well planed so that the same settings/policies are applied when switched to production.

Ralms
  • 196
  • 6