Assigning device profiles – Manage, maintain, and protect devices

 Last updated on August 2, 2024  Posted by 
Share: TwitterFacebookPinterestLinkedin

For a device profile to be applied to an enrolled device, you need to assign the profile to users or devices using Azure AD groups. To assign a device profile, use the following procedure:

  1. Open the Microsoft Intune admin center.
  2. Select Devices, and under Policy, select Configuration profiles.
  3. Select the profile that you want to assign or modify the existing assignment.
  4. On the profile properties page, next to Assignments, click Edit.
  5. On the Assignments page, update the assignments as needed. You can choose:
    • Add groups, and then select specific groups to which to assign the profile
    • Add all users, which results in all supported and enrolled devices of all users being assigned the profile
    • Add all devices, which results in all supported and enrolled devices being assigned the profile
  6. Click Review + save and then click Save.
    You can also exclude groups from policy assignment by using the Exclude tab. Care should be taken to ensure that the assignment outcome is as desired.

Implementing Scope tags

When you create Intune configuration profiles and policies, and after you add the settings, you can also add a scope tag to the profile. Scope tags are used to assign and filter policies to specific groups, such as your marketing team or sales employees.

You can also use scope tags to give admins the right access level and visibility to objects in Intune. In this scenario, you combine Azure AD role-based access control (RBAC) and scope tags. The role determines what access admins have to which objects, and the scope tags determine which objects admins can see.

To add a scope tag to a policy, you must have already created the tag. To add a scope tag, use these steps:

  1. Open the Microsoft Intune admin center.
  2. Select Tenant administration, and then select Roles.
  3. On the All Roles page, select Scope tags and then click Create.
  4. On the Basics tab, provide a Name and optional Description and click Next.
  5. On the Assignments page, choose the groups containing the devices to which you want to assign this scope tag. Click Next.
  6. On the Review + create page, review the settings and then choose Create. The Scope tag is created and appears in the list of Scope tags.
Author: Cheryl Casey

Leave a Reply

Your email address will not be published. Required fields are marked *