Option to set Security scope on ADRs
ADRs do not have the option to set a security scope. In an environment with multiple departments making their own ADRs for their dept's devices, it would be useful to be able to set a security scope on the ADR itself like you can with the SUGs and Deployment Packages
Is there any progress on this? The fact that we can't control security scopes on ADRs or the SUGs generated by them is crazy. We authorize a number of teams to use SCCM in our organization and we don't want all of them being able to tamper with the patch loadout for (say) our domain controllers. AFAICT, when an ADR creates or updates an SUG, it just adds all security scopes to it.
We've moved away from ADRs now for our most sensitive requirements, but we'd really like to go back to using them. Any effort in this area would be appreciated.
Peter Egerton commented
I was about to create new UV item but realised I already supported this. I would additionally like to see this on Servicing plans for Windows 10, which for all intents and purposes I understand are just ADRs.
Fran B commented
If it helps, even though all users can see all ADR rules, seems that each user will only be able to edit ADR rules deployed to collections where they have rights, or at least that's what it looks like.
Benjamin Meis commented
And make it so that when the ADR runs it either doesn't mess with scope on the SUG or sets it to the scope assigned to the ADR! Currently when it runs a lot of factors can cause it to blast a whole bunch of scopes to an existing SUG it is updating.
Matt Murray commented
I have this same problem, multiple departments who need to be able to control updates to their devices. This would be very useful!