Exclude Azure Group / Office 365 Group Option

It’s becoming quite difficult to replicate the assignments in Intune when migrating deployments to ImmyBot, purely as we are lacking exclusion functionality for Azure Group / Office 365 Groups.

As we’ve already had conversations with our customers about the [security group] assignment logic for the intune applications, i’m having to leave some older version applications in Intune and then target an Update if Found deployment at tenant level in ImmyBot to sort.

A tickbox to the right of “Azure Group” saying “Add exclusions”, then it pops out with another search box to add the exclusion would be great.

Also being able to target multiple Azure Groups in one deployment would be good too as currently we have to create multiple deployments of the same application at tenant level to deploy to multiple Azure Groups.


So can you provide an example of what you’re trying to accomplish? I understand that it would be easier in certain cases to be able to leverage exclusions, but so far in 3.5 years I have yet to have an issue creating deployments that weren’t able to precisely target the proper machines without the use of exclusions.

Heya, yep so our customer wants Adobe Acrobat to go out to the majority of users (via AAD security group) except the ones that are members of another group which deploys Adobe Creative Cloud. Exclusions would sort this one pretty quickly, and I’m trying to stay away from tagging machines with specific software tags and just using security groups. Cheers!