![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,743 questions
@Anonymous Thanks for posting in our Q&A.
When you assign a policy to a dynamic device group, it means that the devices matching the rule in the dynamic device group will apply this policy. It is focused on devices. If there is no user signing in the device, the target device still apply this policy.
When you assign a policy to all users, it means that all users in this tenant will apply this policy. It is focused on users. If there is no user signing in the device, this policy isn't applied.
From your description, did you mean that you assign a compliance policy to all users and add your Admin PC in Excluded groups? If yes, it is not supported. Please don't mix user group and device group in assignment.
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-assign#support-matrix
If you want to deploy this policy to all users, but don't want to deploy it to your Admin PC, it is suggested to create a filter for your Admin PC and use this filter under this policy's assignment.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters
Hope it will clarify something.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.