Device and User groups
I wonder what thoughts people have on this, under Group Policy I arranged my users into three Active Directory OUs, the top level was ‘Tier 3’ all users or devices, then below that ‘Tier 2’ with just a pilot group, then finally ‘Tier 1’ with just IT users or non production devices. Each Tier then has a GP linked to it
With Group Policy inheritance any setting in the GP linked to Tier3 applied to all lower Tiers. So settings moved down the hierarchy as they were rolled out
Now under Intune I’m applying policies to groups, so I have 3 groups, T1, T2 and T3 should I keep the inheritance by add T1 as a member to T2 and T2 as a Member to T3? Does this risk conflicts, or should I have independent groups and copy settings down the hierarchy as they get rolled out to a wider audience?