Are you waiting to migrate from Intune Silverlight portal to new Azure portal. If so, it’s better to avoid creating NEW Intune groups (in Silverlight console) with any exclusion logic. Otherwise your migration may get delayed further. Also, you need to remediate exclusion logic which you are already using in EXISTING Intune groups. So, what is this exclusion logic and why it’s not supported as part of Intune migration to Azure portal. Azure AD doesn’t support exclusion logic and moving forward Intune will be leveraging Azure AD groups for targeting policies/applications/profiles to devices.
Update:- Intune Support Team published a blog post on the similar topic “Intune Migration Blockers for Grouping & Targeting“
First – Exclusion Groups
There is an Exclusion option in Intune groups (Silverlight), if you have used that functionality to exclude some users or devices from your deployments/assignments then you need to remediate those exclusion logics.
Second :- Implicit exclusions
Yes, this is more complex than the first exclusion scenario. Even if you never used the exclude members option in Group membership (Silverlight), you can get into an implicit exclude logic if you do the following:-
2. Start with an empty group on the criteria membership page.
3. Include one or more security groups.
Now your tenant is ready for Intune Silverlight console to Azure Portal migration 🙂