Controlling Visibility of a Catalog Item by Adding Conditions
Visibility controls whether a catalog item is visible for a user based on conditions. For each condition you can choose Include or Exclude. If a user matches an include condition, the item is visible. If the user matches an exclude condition, the item is not visible.
Exclude conditions are evaluated first. If a user matches an exclude condition, no further processing occurs and the item is not visible. If there are both exclude and include conditions specified, the user must not match exclude conditions and must match include conditions for the item to be visible.
By default, all catalog items are visible when the Is Enabled Global option is specified. Use the Visibility tab of the Catalog Item Properties dialog box to further customize the visibility of items.
On the Global tab, you can create conditions based on Groups and OU/Administrative Unit, AD Property (Active Directory Properties), and Collections/Intune Groups.
Important:The creation of a condition based upon Active Directory device groups is not supported.
To create a condition, perform the following steps:
To create a condition:
| 1. | Open the Visibility tab of the catalog item’s Catalog Item Properties dialog box. |
| 2. | On the Global > Group and OU/Administrative Unit tab, click the Add Condition button. The Add Condition dialog box appears. |
| 3. | Click the user drop down and select the required active directory (On-Prem or Microsoft Entra ID) from the list. |
Note:The Microsoft Entra ID tenant name appears in the dropdown list only after configuring the Microsoft Entra ID details.
| 4. | Search for the Groups or OUs/AUs you want to add and place a check mark next to the item found. |
| 5. | Click the Select button to add the condition. |
| 6. | After the condition is added, specify the Enforcement option you want to take effect: Include or Exclude. |
| 7. | Select the Apply to OU and child OUs check box to apply this condition to all of the OU’s child OUs. If this option is not selected, this condition is not applied to the selected OU’s child OUs. |
| 8. | Click Save. |
| 9. | Follow a similar procedure to add conditions to the AD Property and Collections/Intune Groups tabs. |