Like most polices on intune you can assign them to groups. You will have to create the groups first and then go in and modify the group assignment under the "assignments" tab. You can always create a test group and move the polices over. You can have one policy apply to multiple groups as well. That is how I have things set up for a hands off assignment. I have rules creates which are assigned to groups, when devices get enrolled I have rules set that if the device = model xxxxx it automatically gets assigned to a group. All apps are also a part of groups so depending on the group depends on what apps get installed per device. It makes everything nice and easy. Configuring it was a pain though lol
I have an (incorrectly configured) Intune instance I am trying to clean up for a project, currently have a bit of an issue where it appears that most policies were scoped either to all users or all devices.
The goal is to leave the existing managed devices as is (they will get autopilot'd when re-deployed at a later date) and set things up for proper zero touch from this point onwards (leaving the existing assignments as all users/devices is no bueno)
Apart from auditing each profile and making manual group/s for the targeted devices I'm not too sure how to remove the all users/devices assignment on the existing profiles...
Anyone got any ideas?