App Phased deployment in Intune

Intune, M365 1 Minute

App Phased deployment in Intune

In this article, Iā€™d like to cover the following scenario where youā€™re piloting an Endpoint solution in 2 phases where phase1 the new tool runs side-by-side with existing antivirus and in the phase2 thereā€™s a detection script that detects and removes existing antivirus then push new Endpoint Protection solution.

Topics:

  • Intune Application
  • Intune Filters: used to prevent existing CORP Apps to be reinstalled.
Phase Features Targeted devices Notes
Phase1 Norton read-only

Side by side with existing Antivirus

 Norton Install Phase 1 (sec. group) Pilot phase 1 cloud-based security group – assigned members
Phase2 Norton policies enabled.

Any detected Antivirus is removed from the Device

 Norton Install Phase 2 (sec. group) Pilot phase 2 cloud-based security group – assigned members

How to prevent Antivirus part of CORP core apps targeted to All managed devices from being reinstalled on Phase2 devices?

  1. Create a Filter in Intune
    1. Go to Tenant admin – Microsoft Intune admin center (Tenant Admin \ Filters \ )
    2. Create your Filter
      1. Name:
      2. Description:
      3. Platform:
  1. Rules: Here you need to add all devices one by one using ā€œORā€ to make sure all devices will be properly resolved
    1. Rule syntax:
      1. Single device: (device.deviceName -eq “M365-6521”)
      2. Multiple devices: (device.deviceName -eq “M365-6521”) or (device.deviceName -eq “M365-9492”)
    2. Go to the CORP application ā€œCORP ā€“ Default Antivirusā€
      1. Go to Apps \ Windows \ search for your App Name
      2. Click on the app
      3. Go to Properties
      4. Scroll down to ā€œassignmentsā€
      5. Click edit
      6. Under the ā€œrequiredā€ assignment find the targeted Group
      7. Click on the ā€œfilterā€ column
      8. Under filters
      9. Select ā€œExclude filtered device in assignmentā€
      10. Select the Filter you created in step #1 and check the ā€œselected filter optionā€
      11. Click ā€œSelectā€ ā€“ blue button in the bottom of the page/tab
      12. Then click in ā€œReview + saveā€ to save the changes to this application

Filters might take up to 24 hours to replicate their changes on the devices.

Click on Home \ Devices \ Windows \

Search for the targeted device that was added to the filter.

Under Monitor select ā€œfilter evaluationā€

Make sure the filter you assigned this device to is listed as ā€œfilter evaluatedā€. Otherwise, double check filter or open a ticket with Microsoft.

Screenshots

Create Filter Order

Intune existing devices list

Populating Norton Phase 2 sec. group

Cheers,

Thiago Beier

Published by Thiago Beier

IT Solutions Architect

Published

2 thoughts on “App Phased deployment in Intune

  1. Pingback: Automated filter rule update in Intune – Thiago BeieršŸ
  2. Pingback: Intune Newsletter - 10th March 2023 - Andrew Taylor

Comments are closed.