Policy applied to local user

Raul Guchinife 140 Reputation points
2023-05-23T06:54:48.6733333+00:00

Hello

If I apply a policy to a user who has enrolled with Intune on a computer that is not synchronized with adsync, does this policy apply to all local users who log on to that computer?

In the tests that I am doing, I see that the policy is only applied when I log in with the local user that made the enrollment; when I log in with any other local user, the policy is not applied.

Without applying the policy at the computer level and applying the policy at the user level, how do I make the policy apply to all local users?

Thanks.


Answer accepted by question author
  1. Carlos Solís Salazar 18,291 Reputation points MVP Volunteer Moderator
    2023-05-24T00:06:49.5266667+00:00

    Thank you for asking this question on the Microsoft Q&A Platform.

    I understand that you require set configurations at the device level, correct?

    You can manage your devices and control device features in Microsoft Intune.

    [Diagram: organization-owned and personal devices in the Microsoft Intune admin center, using compliance policies and Conditional Access for resource access.]

    Many organizations allow personally owned devices to access organization resources, including email, meetings, and so on. There are different options available and these options depend on how strict your organization is. For many organizations, it's common to create device groups. Device groups are Azure AD groups that only include devices. They don't include user identities. When you have device groups, you create policies that focus on the device experience or task, like running a single app or scanning bar codes. You can also create policies that include settings that you want to always be on the device, regardless of who's using the device.

    Source: https://learn.microsoft.com/en-us/mem/intune/fundamentals/manage-devices

    Hope this helps!



1 additional answer

  1. Lu Dai-MSFT 28,516 Reputation points
    2023-05-24T01:39:29.02+00:00

    @Raul Guchinife Thanks for posting in our Q&A.

    For this issue, if you deploy a policy to a user group, this policy only applies to the Azure AD users included in this user group and does not apply to all local users.

    If you deploy a policy to a device group, this policy will apply at the device level, no matter who signs in to this device.

    However, there is no method to make the policy apply to all local users without applying the policy at the computer level and applying the policy at the user level.

    Hope it will clarify something.



    2 people found this answer helpful.
