Exclude Devices from an Intune Policy

This Microsoft Intune post will show how to exclude managed devices from an Intune policy.

Excluding devices from an Intune policy can be beneficial in cases where we need to install an application, test functionality or enable a group of users to work on a task that Intune blocks.

Microsoft Intune allows us to exclude devices using Groups per policy basis. For example, we can exclude devices from security, compliance, and baseline policies.

Exclude Devices

First, we must create an Entra ID security group (static or dynamic) to exclude a single device or a group of devices from an Intune policy.

Add the computers or users (not both_ that you need to exclude from the group using the members option.

Once the group is created, go to any existing or new policy and use the Exclude option in the assignment section to add the security group.

Once you add the exclusion, you can sync a device excluded from the policy.

Related Articles

Visit our YouTube channel

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.