This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 77%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
We have configured for IOS, Android and Windows Compliance Policies and Configuration profiles. we have Hybrid infrastructure and we enabled automatic enrollment for hybrid Azure AD devices.
Not all the users in organization will have Intune license. in this case, should I assign the policies based on the users or the devices ?
Usually if all users have Intune license I configure dynamic group based on devices OS and apply it to the policies.
Please advise.
Thank you,
If it is not Co-management, then users will need a full Intune license regardless of policy assignments.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Abdullah Salem, Thanks for posting in Q&A.
In General, to enroll device into Intune to be managed, Intune license is required. We can choose user related license like Microsoft Intune Plan 1 or device only license for some specific enrollment methods. Here is a link with more details for your reference:
https://video2.skills-academy.com/en-us/mem/intune/fundamentals/licenses
To assign policies, both licensed user group or device group are supported. In General, use device groups when you don't care who's signed in on the device, or if anyone signs in. You want your settings to always be on the device. use user groups when you want your settings and rules to always go with the user, whatever device they use. You can choose the group according to your requirement, Here is a link with more details:
For any useless device, like shared devices, co-management via device credential, you can assign the policy to these devices separately via device group.
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Abdullah Salem, Hope things are going well. I am writing to see if there's anything unclear of the above information. If yes, feel free to let us know.