You can include/exclude:
Through these filters, the configurations excluded from the Sync will not be known to Configuration Manager at all. They won't be backed up, and Configuration Manager won't monitor them for changes.
Configuration filters vs. Hide
Configuration filters (in Sync) and Hide (in Reconcile) appear similar but have crucial differences:
- Hide: configurations that are hidden in Reconcile are backed up, and Configuration Manager will monitor them for changes, but no changes will be made to them.
- Configuration filters: configurations excluded from the Sync will not be known to Configuration Manager at all. They won't be backed up, and Configuration Manager won't monitor them for changes
Understanding Configuration filters
There are two Configuration filters:
Included
Include allows you to specify the only Configuration Types or individual configurations that you want Configuration Manager to Sync.
The include filter is essentially an absolute exclude filter. Everything not specified in the filter will be skipped.
This means that if you specify “Conditional access policies” in the include filter, Configuration Manager will ONLY include those configurations in the Sync, and all other configurations will be excluded. If you save this setting and run a Sync, every configuration in your tenant will be skipped except for “Conditional access policies”.
Excluded
These filters allow you to select either a Configuration Type or an individual configuration for Configuration Manager to exclude from the Sync. This means Configuration Manager will not sync it. All other configurations will be synced.
For example, if you do not want Configuration Manager to sync “Conditional access policies”, you can add an exclude filter for conditional access. During the Sync, Configuration Manager will detect the conditional access policies and skip them. No actions will be performed—Configuration Manager will neither back them up nor write changes to them.
You can use Exclude in the following situations:
- If there is a specific configuration that is sensitive and you don't want that information going to a third-party tool. By excluding them, Configuration Manager won't have access to those configurations.
- If a policy is causing the Sync to fail you can exclude that configuration to temporarily bypass the error. This allows the Sync to resume and continue using Configuration Manager while Support addresses the issue with that configuration.
Please note that include filters take priority over exclude filters.
When use include/exclude filters together
Exclude filters can be used alongside Include filters to exclude individual configurations within the included Configuration Types in a Sync.
For example, if you include the following Configuration Type:
Intune > Apps
in the Sync, only Intune applications will be synced. To exclude a specific application like Google Chrome, you can add an Exclude filter for the individual configuration:
Intune > Apps > Google Chrome
This setup will Sync all Intune applications except Google Chrome.
Apply Configuration filters to baselines
If configuration filters are applied to the baseline tenants, they also get applied to all downstream tenants under that baseline.
- If you want to exclude a policy from all downstream tenants under a baseline, add that exclusion to the baseline, and all tenants under that baseline will also get that exclusion.
- If you want to exclude a configuration from one specific downstream tenant, add it to that one tenant only.
Apply Configuration filters
Include/exclude a Configuration Type
Click on “+ ADD”
From the pop-up that appears, select the Configuration Type that you wish to include/exclude from the drop-down menu. You can select multiple items by checking the related checkboxes.
If you include/exclude a Configuration Type, all the individual configurations under that Configuration Type will be included/excluded. If you want to include/exclude only specific configurations, proceed as follows:
Include/Exclude an individual configuration
To include/exclude only one or more individual configurations under a Configuration Type, first add the Configuration Type.
Then, click on “Add configuration” and type the name of the configuration.