I created a policy to filter out devices that contain certain attributes. In a set, the devices should be filtered with these values:
device.deviceOwnership -ne "Company" -and device.trustType -ne "AzureAD" -and device.isCompliant -ne True
and in the second set this value should be filtered:
device.trustType -ne "ServerAD"
These two sets should be represented in a rule that looks like this:
device.deviceOwnership -ne "Company" -and device.trustType -ne "AzureAD" -and device.isCompliant -ne True -or device.trustType -ne "ServerAD"
Each set works as intended, but as soon as I use both, the filtered devices no longer work. I think Microsoft doesn't handle the operators correctly. Actually the rules should be written like this
(device.deviceOwnership -ne "Company" -and device.trustType -ne "AzureAD" -and device.isCompliant -ne True) -or device.trustType -ne "ServerAD"
The brackets are recognized in the role builder but are deleted after clicking "Apply".
How do I have to write the rule so that the filter applies either set one or set two?