Manage device profiles
For a device profile to be applied to an enrolled device, you need to assign the profile to users or devices using Azure (Azure AD) groups.
To assign a device profile using Azure (Azure AD) groups, follow these steps:
- Sign into the Microsoft Endpoint Manager admin center at https://endpoint.microsoft.com as a global administrator.
- Select Devices.
- Under Policy, select Configuration profiles.
- In the list of configuration profiles, if a profile has been assigned, there will be a Yes status under the Assigned column in the list of profiles.
- Select the profile that you want to assign or modify the existing assignment.
- On the Device configuration profile page for your profile, under Manage, select Properties.
- On the Properties page, next to Assignments, select Edit.
- You can now choose to modify the Included groups or the Excluded groups. To select Azure AD groups, you can select Add groups and then select the Azure AD groups, as shown in Figure 2-7. You can select multiple groups by selecting them one at a time, and they will be added to the list of Selected items. Alternatively, rather than selecting each individual group, you can also choose from two predefined groups:
Figure 2-7 Assign a device configuration profile to Azure AD groups
- All Devices
- All Users
- Click Select.
- On the Assignments page, click Review + save, and then click Save.
You can also exclude groups from policy assignment by using the Exclude tab, as shown in Figure 2-7. Care should be taken to ensure that the assignment outcome is as desired.
