Blockers of Intune Silverlight Portal Migration to New Azure Portal

Do you have problems with Intune portal migration? Do you know about the Blockers of Intune Silverlight Portal Migration? Are you waiting to migrate from Intune Silverlight portal to new Azure portal. If so, it’s better to avoid creating NEW Intune groups (in Silverlight console) with any exclusion logic. Otherwise your migration may get delayed further. Also, you need to remediate exclusion logic which you are already using in EXISTING Intune groups. So, what is this exclusion logic and why it’s not supported as part of Intune migration to Azure portal.

Azure AD doesn’t support exclusion logic and moving forward Intune will be leveraging Azure AD groups for targeting policies/applications/profiles to devices. Is your Intune migration is blocked with error “we aren’t ready for you yet”, then you should look at following links and exclusion logics as I mentioned in this post.

Update:- Intune Support Team published a blog post on the similar topic “Intune Migration Blockers for Grouping & Targeting“,, or

First – Exclusion Groups

There is an Exclusion option in Intune groups (Silverlight), if you have used that functionality to exclude some users or devices from your deployments/assignments then you need to remediate those exclusion logics.

Blockers of Intune Silverlight Portal Migration

Second :- Implicit exclusions

Yes, this is more complex than the first exclusion scenario. Even if you never used the exclude members option in Group membership (Silverlight), you can get into an implicit exclude logic if you do the following:-

1. Create a group that doesn’t use All Users as the parent group.
In the following scenario (screen capture), I have created a group called “Helpdesk Group“. Parent group of “Helpdesk Group” is NOT all users rather I used “Intune Group” as the parent group for “Helpdesk Group”. This is what called implicit exclusion of Intune. You need to remediate this option in Intune groups.
Blockers of Intune Silverlight Portal Migration
2. Start with an empty group on the criteria membership page.
3. Include one or more security groups.
Blockers of Intune Silverlight Portal Migration
Remediation of Exclusion logic from Intune Groups:-
One of the Blockers of Intune Silverlight Portal Migration is exclusion logic. My recommendation would be to create new groups without exclusion logic using new dynamic user/device groups options and then deploy the existing apps and policies to those new groups along with old groups for some days. Once you can confirm everything is ok, you can remove the old Intune groups with exclusion logic from respective deployments. If everything fine after above activities then delete the Intune groups with exclusion logic !
Are you an Azure AD Admin ? – Don’t Delete the new groups pops up in Azure Portal :-
Over the next few months, Intune is migrating all Intune groups over to Azure AD groups. What does this mean to you? As an Azure AD admin, you’ll start to see Intune groups in your Azure AD infrastructure. Please do not delete these groups; they’ll pop in there in preparation for migration, then will be populated by our migration engine.
Now your tenant is ready for Intune Silverlight console to Azure Portal migration 🙂
Reference Details:-
More details in the Communication from Microsoft here

Sharing is caring!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.