All / Intune / Powershell

Applicability Rule: Gone but still there

jannikreinhard1 Comment

With the introduction of Assignments filter, the value of Applicability rules has diminished. With Applicability rules you could define on which OS versions a Configuration Profile should work. Unfortunately, the ability to configure or delete applicability rules for some configuration profile types from the console has also been removed. It is to be expected that this can happen piece by piece also for further types. In this blog I want to show you how you can easily remove all applicability rules to switch to filters as soon as possible.

Find the needle in the haystack

Due to the above mentioned change it can happen that certain profile types no longer show the possibility to configure applicability rules via the console. Its really hard to find the root cause what’s the reason for not applicable assignments of configuration profiles.

If you look at such a profile via Graph you can see that there is an applicability rule attached to it. This can lead to confusion and long troubleshooting to find the root cause why a profile does not work on a device.

With assignment filter you can do the same as with an applicability rule but much more and more complex. In one of my blog post I explained how to work with assignment filter.

Remove all applicability rules

To make it easier to switch from applicability rules to assignment filter or if you want to delete an applicability rule that you can’t delete via the UI I wrote a script to make it easier for you. This script goes through allConfiguration Profiles and deletes the ones that still have an applicability rule attached. In the output you can see which profile was adjusted and can then check whether you no longer need them or whether you want to attach a filter to the assignment.

What you have to do:

  • Download the script from my GitHub repository
  • Check if you want to delete all or only specific ones. The script is written to delete all but if you want only dedicated ones you can add the following line:
....
Get-MgDeviceManagementDeviceConfiguration | ForEach-Object {
   if(-not ($_.displayname -eq "name of the profile")){continue}
....

Conclusion

I hope I could help you with this blog to shorten the troubleshooting time for profiles that are not applied for some reason or could help you to get away from applicability rules and switch to the much more powerful filters. If you have the need to automatically create and applied a filter to all existing assignments let me know and I will be happy to add this to the script.

Stay healthy, Cheers
Jannik

Update 02.08.2022

You can also download my script from the PowerShell Gallery:

Install-Script -Name Remove-ApplicabilityRule

One thought on “Applicability Rule: Gone but still there

Comments are closed.