Config policies targeted to All Devices


Hi All,

Hey folks. We have some device config policies targeted to All Devices. We’ve had a need to add an excluded group with a couple of devices in it, but the devices are still getting the policies. There are a few comments here and there on Google saying the same. Is this a thing? You can’t add excludes if there’s an All Device included?! That sounds wrong but it seems to be what we’re finding.

Posted by Steve Prentice in HTMD FB Group

Answers ( 2 )

  1. Replied by Andre Williams

    Maybe this might work. Create an “Excluded Group”.
    2. Move the devices that you want to exclude from the device CSP to this group.
    3. Modify the CSP and remove the “All Devices” group from the targeting.
    4. Add the “Excluded Group” to the targeting of the CSP, ensuring that the policy does not apply to devices in this group, the devices in the “Excluded Group” will not receive the CSP targeted to the “All Devices” group, effectively excluding them from the policies…

  2. Replied by Jakub Piesik

    Maybe you can use Filters to exclude them?

    Replied by Greg Gilbert

    Jakub Piesik this is the way. At least if filters can be used for your criteria.

    Replied by Jiří Muaddib Burda

    If device have apply policy and you excluded they still have old policy written so you need create opposite policy and assign to excluded group

Leave an answer

Sorry, you do not have permission to answer to this question .