Endpoint Admin Assignment Profiles allow Endpoint Admin users to deploy one or multiple applications to specific Azure groups.
Endpoint Admin uses the assignment functionality from Microsoft Intune and reads Azure AD groups from the Microsoft Graph API, allowing users to configure assignments for an individual group.
The assignment functionality can be found on a given Win32 app in a given Microsoft tenant at the following URL: https://endpoint.microsoft.com. It comes in 3 different categories, "Required", "Available" and "Uninstall", all with multiple options.
- The Assignment Profile is a feature that lets users create a configuration logic for the Azure groups and save the configuration in a profile for easier reuse.
- An Assignment Profile requires only a name to be created; the group(s) can be added to the Assignment Profile later.
- An application can only be assigned to one Assignment Profile at a time.
- You have the option to create, delete, copy or edit an Assignment Profile after creating the Assignment Profile.
- The Assignment Profile has 3 group categories: "Required", "Available", "Uninstall".
- To each Assignment Profile group category, you can add Azure groups.
- Azure groups can have the mode of "Included" or "Excluded". An Azure group will be included, automatically, in the first assignment group category you add the Azure group to, but excluded if added to the rest. E.g.: you add the Azure group "All users" first to the Assignment Profile group category "Required" and next to "Available". It will be included in the first Assignment Profile group category "Required" but excluded in "Available". You can manually change the mode to "Included" for an Assignment Profile group category, but the group will then be automatically excluded from the rest.
Assignment Profile walk through
Create a new Assignment Profile
To create a new Assignment Profile, first open the Assignment Profiles page under the applications tab in the sidebar menu.
On the Assignment Profile page, there is a list of all Assignment Profiles created, with additional information: the number of applications that the profile is assigned to (1. Applications), the number of Deployment Schedules an Assignment Profile is used in (2. Deployment Schedules), and the last time it was updated (3. Last Updated).
To create a new Assignment Profile click on the "+ New profile" button.
After clicking on the "+ New profile" button you will be redirected to another page where the Assignment Profile is created. There you can give the new Assignment Profile a name and optionally add Azure groups to the different assignment categories: Required, Available and Uninstall. Settings can be saved using the save button.
After clicking on the "+ Add group" button under one of the 3 assignment categories, a popup will open where you can select the Azure groups that you want to be affected by the Assignment Profile.
It is important to know that each Azure group can only be added once as "Included" to one of the Assignment Profile categories.
- For example, if we add the Azure group "All Users" to "Required" and "Available", the "All Users" group will be included in the first assignment group "Required", and excluded from the other assignment group "Available".
You have the option to manually include "All Users" in the second assignment group category "Available" where it was excluded before, but then it will be excluded from the first assignment group category "Required" automatically.
After creating a new Assignment Profile, you have the option to view details, copy, edit or delete the Assignment Profile, by clicking the 3 dots on the right side, to expand a meatballs menu with the 4 options:
- First, the Details option: this shows the Assignment Profile in a read-only view, with no save button.
- Second, the Copy option, which creates a new Assignment Profile with the exact same groups selected and with the same name, but with no application assigned.
- Third, the Edit option, which opens the Assignment Profile so you can change its Azure groups or name.
- Fourth, the Delete option, which deletes the Assignment Profile.
Assign a profile to an application
Important: an application can have ONLY ONE Assignment Profile assigned at a time.
After the Assignment Profile is created, you can assign an Assignment Profile to an application from the public and private repository pages by clicking on the 3 dots on the right side next to an application. This will expand the meatballs menu.
- When you select the assign profile option from the meatballs menu, it will open a new pop-up window with all the Assignment Profiles created on that subscription, from which you can choose.
- You can ONLY assign a profile to deployed applications from private and public repositories. If the application is not deployed, the assign profile option will be greyed out under the meatballs menu.
- Another option is the "Clear Assignment Profile" which will remove the Assignment Profile from that application.
- When you have assigned a profile to an already deployed application, the name of the Assignment Profile will appear under the "Assignment Profile" column.
- After assignment, the "Assigned" state will change to "Yes" in the Intune that is integrated with your Endpoint Admin subscription.
- If you access the properties of the application, you can see that the Assignments in Intune match the Assignment Profile in Endpoint Admin.
- If you choose "Clear Assignment Profile" for an application, the "Assigned" status in Intune will transition from "Yes" to "No" and the Azure groups will be cleared from the application under Required, Available and Uninstall.
- I'm trying to assign my new Assignment Profile to an application, but it is greyed out?
- You can only assign an Assignment Profile to an application that is already deployed to your Intune.
- I wish to deploy an application in stages, based on days from when an application is updated/created or on dynamic dates – like the second Tuesday of the month. How can I accomplish this with Assignment Profiles?
- You can use Deployment Schedules for this purpose, which make use of Assignment Profiles to accomplish this goal. Click the link here to learn more about Deployment Schedules.
- Can I use the same Assignment Profile on more than one application?
- Yes, you can use the same Assignment Profile on as many applications as you like. But only one Assignment Profile can be assigned to an application at a time.
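
The walk-through states that the Assignments in Intune match the Assignment Profile, and that a group can be "Included" in only one category. The following is an added example (not Endpoint Admin's code) that checks both against the assignments Microsoft Graph returns for an app (`GET /deviceAppManagement/mobileApps/{id}/assignments`). The profile dictionary layout, the function names and the sample GUIDs are assumptions constructed for illustration; the `intent`, `target`, `groupId` and `@odata.type` fields are those of the Graph `mobileAppAssignment` resource.

```python
# Added example: the profile layout is hypothetical; the assignment fields follow
# the Microsoft Graph mobileAppAssignment resource.
INCLUDE = "#microsoft.graph.groupAssignmentTarget"
EXCLUDE = "#microsoft.graph.exclusionGroupAssignmentTarget"
CATEGORIES = ("required", "available", "uninstall")

def profile_entries(profile):
    """Flatten a profile to {(category, group_id, mode)}; reject a group that is
    'included' in more than one category, the rule the profile editor enforces."""
    entries, included_in = set(), {}
    for category in CATEGORIES:
        for group in profile.get(category, []):
            if group["mode"] == "included":
                if group["id"] in included_in:
                    raise ValueError(f"{group['id']} included in both "
                                     f"{included_in[group['id']]} and {category}")
                included_in[group["id"]] = category
            entries.add((category, group["id"], group["mode"]))
    return entries

def intune_entries(assignments):
    """Flatten Graph assignments the same way. Targets without a groupId
    (all users / all devices) are keyed by their @odata.type so they still
    show up as drift instead of being skipped."""
    entries = set()
    for a in assignments:
        target = a["target"]
        kind = target.get("@odata.type", "")
        mode = "excluded" if kind == EXCLUDE else "included"
        entries.add((a["intent"], target.get("groupId", kind), mode))
    return entries

def drift(profile, assignments):
    """Return what the profile expects but Intune lacks, and the reverse."""
    want, have = profile_entries(profile), intune_entries(assignments)
    return {"missing": sorted(want - have), "unexpected": sorted(have - want)}

# Constructed sample data: placeholder GUIDs, not real tenant objects.
G1, G2 = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
PROFILE = {"required": [{"id": G1, "mode": "included"}],
           "available": [{"id": G1, "mode": "excluded"}, {"id": G2, "mode": "included"}],
           "uninstall": []}
INTUNE = [{"intent": "required", "target": {"@odata.type": INCLUDE, "groupId": G1}},
          {"intent": "available", "target": {"@odata.type": EXCLUDE, "groupId": G1}},
          {"intent": "required", "target": {"@odata.type": INCLUDE, "groupId": G2}}]

if __name__ == "__main__":
    print(drift(PROFILE, INTUNE))
```

In the sample, group G2 was assigned as "required" in Intune while the profile makes the app only "available" to it, so the check reports one missing and one unexpected entry.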