Intune config profile deployment company wide - use "ALL USERS" group or not

David Moon 581 Reputation points
2024-08-21T02:14:18.0133333+00:00

Hi

Heard that deploying Intune profile company wide, its not recommended to use the built in "ALL USERS" group. Instead create a custom dynamic group to achieve this.

So created a dynamic user group, to target all users with E5 license. However, noticed that not all users have E5 license.

Tried a query to target all users with email address, but that was no good as well, as not all users had email addresses.

Can someone recommend, a good dynamic query to cover all users?

Also, non E5 licensed users, still seem to receive Intune policies. Is this as expected?

Thanks DM.

Microsoft Intune Grouping
Microsoft Intune Grouping
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Grouping: The arrangement or formation of people or things in a group or groups.
61 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,256 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Crystal-MSFT 49,861 Reputation points Microsoft Vendor
    2024-08-21T05:33:28.9966667+00:00

    @David Moon, Thanks for posting in Q&A. In Fact, to deploy Intune policy, Microsoft Intune license is needed for the user.

    Meanwhile, if you want to assign policy to all users, you can just use the All users group.

    https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-assign#assign-a-policy-to-users-or-groups

    But if you want to just assign to some users, you can check if any property of the user in the following link can be used to create dynamic group to meet your requirement.

    https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#properties-of-type-string

    For the scenario you want to only apply the policy to some specific devices of the users, you can consider use Intune Filter.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters-device-properties

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Nick Eckermann 591 Reputation points
    2024-08-21T13:42:05.9433333+00:00
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.