This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 55.00000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi
I'm probably missing something obvious, but I was wondering how I could deploy an app or configuration profile and limit it to compliant devices. Conditional access obviously isn't the solution as it's only for accessing cloud apps. I guess a dynamic group wouldn't work either as it'd require Intune enrollment to get the compliance data. Any ideas?
Regards
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
For configuration profile, there is applicability rules, which allows to deploy the profile based on the combined criteria in the rule. However, currently, there are only two properties: OS edition and OS version. There is no compliant status. For more details about applicability rules, please click this link. https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create#applicability-rules
I think the best way is to create a dynamic group, but again, there is no property for device compliance in the dynamic group rule. For the details about dynamic group rule, please click this link. https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
Thus, it's not supported for deploy configuration profiles and apps to the compliant devices only. I would recommend to submit a feature request on the Intune uservoice site by click the following link.