Dear reader,

I have configured the asset rules en device tagging. 

I need to deploy certain apps as unsanctioned to all W11 devices and exclude the same apps to certain devices who have a device tag I configured for exclusion.

The problem i am having is that the devices that need to be excluded, with the device tag “Exclude”

Are also part of the device tag “W11”

I could exclude them from the W11 device tagging but that would mean they would be excluded from all other policies that are targeted to the W11 tag. Which is not desirable.

I was hoping for a solution as how you would deploy in Intune, with includes and exludes groups, but it doenst look like the defender platform supports this. 

I have been testing with exclude entities but this does not give the result i am looking for.

Can someone help me? 

Maybe you had the same issue and found something smart way around this? 🙂

Thank you in advance! 

​Dear reader, I have configured the asset rules en device tagging.  I need to deploy certain apps as unsanctioned to all W11 devices and exclude the same apps to certain devices who have a device tag I configured for exclusion. The problem i am having is that the devices that need to be excluded, with the device tag “Exclude”Are also part of the device tag “W11” I could exclude them from the W11 device tagging but that would mean they would be excluded from all other policies that are targeted to the W11 tag. Which is not desirable. I was hoping for a solution as how you would deploy in Intune, with includes and exludes groups, but it doenst look like the defender platform supports this.   I have been testing with exclude entities but this does not give the result i am looking for.  Can someone help me? Maybe you had the same issue and found something smart way around this? 🙂 Thank you in advance!       Read More

​