Use Case Scenario – Device Exclusion from Intune Policy

Today, I faced a request involving a policy that was applied broadly across the organization to all devices. One user needed to be excluded from this policy. In this post, I’ll walk you through how I resolved the issue.

The initial request was regarding a user who was unable to change the screen sleep settings, which were managed by an Intune policy. Because of this policy, users were unable to make any changes to the power management settings on their devices (refer to Image-1).


Image-1: Screen Sleep Settings Managed by Intune Policy

This policy controls power management settings, preventing users from changing computer and display settings on their own (refer to Image-2).


Image-2: Power Management Settings

We can’t simply edit this policy to exclude a device; instead, we need to use a feature called Filters. Filters allow us to target specific devices or exclude them from certain policies (refer to Image-3).


Image-3: Using Filters in Intune

Steps to Exclude a Device from an Intune Policy Using Filters

Create a filter

  1. Sign in to the Intune admin center.
  2. Select Tenant administration > Filters > Create.
  3. Select Managed devices Image-4


Image-4: Creating a Filter in Intune


2. Define Filter Properties

In the Basics section, enter the following details:

Filter name: Enter a descriptive name for the filter. For example, “Windows OS Version Filter”.

Description: Enter a description for the filter. This step is optional but recommended.

Platform: Choose the appropriate platform, such as Windows 10 and later (refer to Image-5).


Image-5: Selecting the Platform

3. Create a Rule for the Filter

In the Rules section, you can create a rule using the rule builder or manually entering the rule syntax.

Using the Rule Builder:

And/Or: After adding an expression, you can expand it using “and” or “or”.

Property: Select a property for your rule, such as device or operating system SKU.

Operator: Choose an operator, like “equals” or “contains”.

Value: Enter the value for the expression. For example, enter 10.0.18362 for the OS version or “Microsoft” for the manufacturer.

– Click Add expression after setting the property, operator, and value (refer to Image-6).


Image-6: Rule Builder in Intune

Using Rule Syntax:


– You can also manually enter the rule expression in the rule syntax editor. Select Edit in the Rule Syntax section (refer to Image-7).



Image-7: Rule Syntax Editor

– The expression builder will open. Manually enter expressions, such as (device.osVersion -eq “10.0.18362”) and (device.manufacturer -eq “Microsoft”) (refer to Image-8).


Image-8: Manual Rule Expression


Image-9

4. Apply the Filter to the Policy

After creating the filter, go to the Power Management Policy and edit it to include the newly created filter (refer to Image-10).


Image-10: Adding the Filter to the Policy

5. Sync the Policy on the Device

Go back to the device and sync the policy to apply the changes (refer to Image-11).


Image-11: Syncing the Policy on the Device


6. Verify the Policy Update

After the policy update, verify that the exclusion has been successfully applied (refer to Image-12).


Image-12: Policy Update Verification

I hope this guide helps you understand the process of excluding a device from an Intune policy using filters. Let me know if you have any questions 🙂

Leave a Comment

Your email address will not be published. Required fields are marked *