Device and User groups


I wonder what thoughts people have on this. Under Group Policy I arranged my users into three Active Directory OUs: the top level was ‘Tier 3’, all users or devices, then below that ‘Tier 2’ with just a pilot group, then finally ‘Tier 1’ with just IT users or non-production devices. Each Tier then has a GP linked to it.

With Group Policy inheritance, any setting in the GP linked to Tier 3 applied to all lower Tiers. So settings moved down the hierarchy as they were rolled out.

Now under Intune I’m applying policies to groups, so I have 3 groups: T1, T2 and T3. Should I keep the inheritance by adding T1 as a member of T2 and T2 as a member of T3? Does this risk conflicts, or should I have independent groups and copy settings down the hierarchy as they get rolled out to a wider audience?

Answer ( 1 )


    Inheritance and precedence features are not available in Intune.

    So you need to be very creative with include and exclude functions to have solutions for this kind of scenario.

    I know lots of Intune admins are facing a similar issue.

    I’m sure there is more than one Intune user voice item which Microsoft is tracking.

    I’m hoping that Microsoft shall come up with a better design to manage policies. I mean better than group policies.

    Best answer
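
The include and exclude approach mentioned in the answer, as an added example that is not part of the original posts and is not Intune code: a simplified Python model of T1 nested in T2 nested in T3, assuming nested membership is transitive and an exclusion overrides an inclusion. The device names, policy names and the `UpdateDeferralDays` setting are constructed for illustration.

```python
# Added example: a simplified model, not Intune code. Group names T1/T2/T3 come
# from the question; device names, policy names and the setting are constructed.
GROUPS = {  # nested as the question proposes: T1 inside T2, T2 inside T3
    "T1": {"devices": {"it-laptop"}, "groups": []},
    "T2": {"devices": {"pilot-pc"}, "groups": ["T1"]},
    "T3": {"devices": {"prod-pc"}, "groups": ["T2"]},
}

def members(group):
    """Devices in a group, following nested groups transitively."""
    found = set(GROUPS[group]["devices"])
    for child in GROUPS[group]["groups"]:
        found |= members(child)
    return found

def effective(policies):
    """Return {device: {setting: {values received}}}. Assumption: exclude beats include."""
    result = {}
    for policy in policies:
        targets = set().union(*(members(g) for g in policy["include"]))
        for g in policy.get("exclude", []):
            targets -= members(g)
        for device in targets:
            for setting, value in policy["settings"].items():
                result.setdefault(device, {}).setdefault(setting, set()).add(value)
    return result

def conflicts(policies):
    """Devices that receive two different values for the same setting."""
    return sorted(device for device, settings in effective(policies).items()
                  if any(len(values) > 1 for values in settings.values()))

def ring(name, include, deferral_days, exclude=()):
    """Build one constructed policy assignment for a rollout ring."""
    return {"name": name, "include": [include], "exclude": list(exclude),
            "settings": {"UpdateDeferralDays": deferral_days}}

# Include-only: every tier's policy also lands on the tiers nested inside it.
INCLUDE_ONLY = [ring("P-T1", "T1", 0), ring("P-T2", "T2", 7), ring("P-T3", "T3", 14)]
# Include plus exclude: each wider ring excludes the ring nested inside it.
WITH_EXCLUDES = [ring("P-T1", "T1", 0), ring("P-T2", "T2", 7, exclude=["T1"]),
                 ring("P-T3", "T3", 14, exclude=["T2"])]

if __name__ == "__main__":
    print("include-only conflicts:", conflicts(INCLUDE_ONLY))
    print("with excludes conflicts:", conflicts(WITH_EXCLUDES))
```

In this model the include-only assignments deliver several values of the same setting to the T1 and T2 devices, while the assignments with exclusions deliver exactly one value to each device.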
