In this post, we will dive into the process to exclude devices or users from Intune app assignments. Intune allows you to control app access by assigning groups of users to either include or exclude.
The feature to exclude specific groups of users or devices from an app assignment can be useful in situations where certain users or devices should not have access to a particular app for various reasons, such as security concerns, licensing limitations, or simply because the app is not relevant to their needs.
However, before you assign these groups to the app, it’s necessary to set the assignment type, which determines whether the app is available, required, or uninstalled.
Another benefit of excluding users or devices from an app assignment in Intune is that it can help you to manage app usage more effectively. Admins can better track app usage and identify potential issues by ensuring that users and devices only have access to the apps they need.
Overall, Excluding specific groups of users or devices from an app assignment in Intune is a useful feature when you make the app available by including a large group, and then narrowing the selected users by also excluding a smaller group. The smaller group might be a test group or an executive group.
- Intune Win32 App Deployment Step By Step Guide For ITPros
- Create AAD Dynamic Groups Based On MDM Intune SCCM Management
How to Exclude Devices or Users from Intune App Assignments
To exclude specific groups of users or devices from an app assignment in Intune, follow these steps, If you want to remove users or devices from ongoing deployment, you can create a new Azure AD group and add the members you want to exclude to it.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com/.
- Select Apps > Windows. Select the existing application from the list, you want to exclude from users or devices. For Example, I will be selecting Bitwarden Password Manager.
Once you choose the application, Click on “Properties”. Scroll down to find the “Assignments” section and click on “Edit” within that section.
App availability can be set based on the assignment type. Assignment type can be Required, Available for enrolled devices, or Uninstall. Here the application Assignment type is Required to make this app required for all users or make this app required on all devices.
To Exclude the selected user or device groups, click on Add Group, and then choose Select Groups to include one or more groups. Ensure the device or user you try to exclude is added to the selected group.
Under “Assignments”, you will see Group mode is set to “Included”. Click on the Included button to select exclude groups, and then select the groups of users or devices that you want to exclude from the app assignment.
When you add a new group, it will automatically be set to the Included mode. However, if you need to change this, you can click on the Excluded option for the newly added group, here you can see the mode switched to Excluded, and then click OK to save your changes and complete all the steps.
Note! The excluded option is not available for “all users” and “all devices” built-in assignment groups. If a group has already been assigned as included under a different assignment, then the option to change the mode will not be available.
| Assignment Settings | Configured |
|---|---|
| Mode | Excluded |
Once configuring the app assignment mode to exclude, prevent a group from receiving the assignment. The next screen will appear with the Summary, Review the selection, and Click Save.
In the last step of the edit application step, A notification will appear automatically in the top right-hand corner with the message “Application saved successfully.”
After you have excluded specific groups of users or devices from an app assignment, those users or devices will not be able to use the app once you removed them if already provisioned. It is important to note that this feature only applies to Intune app assignments, and does not prevent users or devices from manually installing the app from other sources.
Video: Supported Application Types in Intune
In this video, you will get the details on Supported Intune Application Types. This video also explains about Limitations of each app type and Important Considerations while making Intune Design Decisions.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.