Hi,
I need someone to explain to me how policies/profiles are assigned, when I am supposed to assign it to users and when I am supposed to assign it to devices. I have read a lot, but still not quite get a hang of it so if someone could give me a hand 😊
Example 1
I have groups in Azure AD called Intune-Devices and Intune-Users that are populated.
I create a Compliance policy with the following settings
My question then is, how should this policy be assigned
Intune-Devices and Intune-Users
Or
Intune-Devices
Or
Intune-Users
The reason for asking is, say for example “Require Bitlocker” and “Require code integrity” I guess this is a Device setting. But then again, “Password expiration 180days” I guess is User setting. So If I don’t apply this compliance policy to both users and devices it will “fail”.?
Example 2
I have groups in Azure AD called Intune-Devices and Intune-Users that are populated.
I create a Configuration profile with the following settings

My question then is same as above, how this profile should be assigned
Intune-Devices and Intune-Users
Or
Intune-Devices
Or
Intune-Users
The reason for asking is, say for example “Turn of Autoplay” I guess this is a Device setting. But then again, “Use OneDrive Files On-Demand” I guess is User setting. So, If I don’t apply this configuration profile to both users and devices it will “fail”.?
Thanks for any reply.
/Regards
Andreas