Today, I faced a request involving a policy that was applied broadly across the organization to all devices. One user needed to be excluded from this policy. In this post, I’ll walk you through how I resolved the issue.
The initial request was regarding a user who was unable to change the screen sleep settings, which were managed by an Intune policy. Because of this policy, users were unable to make any changes to the power management settings on their devices (refer to Image-1).
This policy controls power management settings, preventing users from changing computer and display settings on their own (refer to Image-2).
We can’t simply edit this policy to exclude a device; instead, we need to use a feature called Filters. Filters allow us to target specific devices or exclude them from certain policies (refer to Image-3).
Steps to Exclude a Device from an Intune Policy Using Filters
Create a filter
- Sign in to the Intune admin center.
- Select Tenant administration > Filters > Create.
- Select Managed devices Image-4
2. Define Filter Properties
In the Basics section, enter the following details:
– Filter name: Enter a descriptive name for the filter. For example, “Windows OS Version Filter”.
– Description: Enter a description for the filter. This step is optional but recommended.
– Platform: Choose the appropriate platform, such as Windows 10 and later (refer to Image-5).
3. Create a Rule for the Filter
In the Rules section, you can create a rule using the rule builder or manually entering the rule syntax.
Using the Rule Builder:
– And/Or: After adding an expression, you can expand it using “and” or “or”.
– Property: Select a property for your rule, such as device or operating system SKU.
– Operator: Choose an operator, like “equals” or “contains”.
– Value: Enter the value for the expression. For example, enter 10.0.18362 for the OS version or “Microsoft” for the manufacturer.
– Click Add expression after setting the property, operator, and value (refer to Image-6).
Using Rule Syntax:
– You can also manually enter the rule expression in the rule syntax editor. Select Edit in the Rule Syntax section (refer to Image-7).
– The expression builder will open. Manually enter expressions, such as (device.osVersion -eq “10.0.18362”) and (device.manufacturer -eq “Microsoft”) (refer to Image-8).
4. Apply the Filter to the Policy
After creating the filter, go to the Power Management Policy and edit it to include the newly created filter (refer to Image-10).
5. Sync the Policy on the Device
Go back to the device and sync the policy to apply the changes (refer to Image-11).
6. Verify the Policy Update
After the policy update, verify that the exclusion has been successfully applied (refer to Image-12).
I hope this guide helps you understand the process of excluding a device from an Intune policy using filters. Let me know if you have any questions 🙂
