Thanks for reaching out, Its been a while since I looked at this but my gut feeling here is that if it does not work as you expect its probably due to the User being members of both assignments. Have you tried to deploy App A to Device A instead ? Meaning that if you do Required installation to a group that contains devices instead of users you might get the expected result you describe. But you keep the assignment to User for the personal device scenario. Hope this makes sense.
Deploy iOS apps to Intune enrolled devices suing filters
I have the requirement of deploying an iOS Store application with the following requirement:
App A should be deployed as Required for Corporate ownership devices. Same app should be deployed as Available for Personal ownership devices.
User A has 2 devices - Device A(Corporate Owned) and Device B(Personal Owned) App A should be deployed as Required to Device A App A should be made Available to Device B.
I tried to create 2 filters: For Personal owned devices
For Corporate Owned devices
For the below configuration, the application is getting deployed as Required to my Personal owned device as well:
Note: User is present in both the targeted groups.
I am struggling to find a correct combination of filters to achieve my objective.
2 answers
Sort by: Most helpful
-
-
ZhoumingDuan-MSFT 14,465 Reputation points Microsoft Vendor
2024-04-01T02:11:45.1633333+00:00 @Alex, Thanks for posting in Q&A.
From your description, I know you want to have different assignments for iOS apps based on the Ownership of the device.
Based on my testing, filters are only available for devices and apps, and one device group cannot be assigned to both as Required and as Available for enrolled devices, if you assign one group to both Required and Available for enrolled devices, it will include one assignment and exclude other one assignment.
Therefore, it is not suggested that using filters to filter different ownership and deploy apps, however, we can create two dynamic groups, one includes Personal owned iOS devices, and the other include Corporate owned iOS devices, then we can deploy Corporate device group as Required, and deploy Personal device group as Available for enrolled devices.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#rules-for-devices
Hope above information can helpful, if there is any unclear, feel free to let us know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.