Share via

What type of groups can be used for assigning target to a intune policy and what type of entity doe they allow

Narinder Paul 51 Reputation points
2024-07-31T12:31:11.1566667+00:00

Hi, I have configured compliance policy, configuration profile and app policies. All these supports groups to be added as a target to apply the policy. But Microsoft 365 provider different type of groups for different use cases like distribution group, site group or security group. And the member of the group is a directory object which can be a device, user, service principal or group itself.

I have these queries below:

  1. What type of groups can be used for assigning targets to the policy. In Admin Center, i have lots of group and I don't see all those group when I am selecting group in the Intune policy for assignment? Why is that
  2. What type of entities that group or list of groups (from Query 1) support like user, device or AD application?

In microsoft documentation, i read we can use security or mail-enabled security groups for assigning the targets in intune policy and a security group can have user, device, group or service principal objects. Is there any other type of entity that is also supported in the group?

Thank you

Microsoft Security | Intune | Microsoft Intune Android
Microsoft Security | Intune | Configuration
Microsoft Security | Intune | Enrollment
Microsoft Security | Intune | Other
0 comments
Accepted answer
  1. Anonymous
    2024-08-01T01:45:33.2466667+00:00

    @Narinder Paul Thanks for posting in our Q&A.

    1.Only security-enabled Microsoft 365 Groups are supported in intune. So the groups that you don't see may not be security-enabled Microsoft 365 Groups. Here is some information about adding a new group in intune:

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/groups-add#add-a-new-group

    https://learn.microsoft.com/en-us/entra/fundamentals/concept-learn-about-groups#group-types

    2.Microsoft 365 Groups can only support users.

    Security groups support users, devices, service principals, and other groups. However, please don't mix users and devices in a group. Mix users and devices in a group may cause some unexpected problems。

    Hope it will give you some ideas.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2024-07-31T12:31:11.16+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Intune policies can be assigned to Microsoft Entra groups, which can be either assigned groups or dynamic groups. Assigned groups are manually created and populated with users or devices, while dynamic groups are automatically populated based on rules created by the admin.

    In terms of entities that can be included in a group, Microsoft Entra groups can contain users, devices, or other groups. However, it is important to note that not all groups in the Microsoft 365 admin center are visible in the Intune admin center for assignment to policies. Only security-enabled Microsoft 365 groups can be used for policy assignment in Intune.

    Therefore, to answer your questions:

    1. Only security-enabled Microsoft 365 groups can be used for assigning targets to Intune policies. The reason why you don't see all the groups from the Microsoft 365 admin center in the Intune admin center is because only security-enabled groups are visible for policy assignment in Intune.
    2. Security-enabled Microsoft 365 groups can contain users, devices, groups, or service principals.

    References:

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.