I recently started piloting patch management and needed the ability to exclude a number of device groups from a scope. We were already using Endpoint Manager for 3rd party patching using a simple task/scope targeting all workstations. The problem was that the task was overwriting the reboot settings of the agent configuration for devices in the patch pilot. I needed to create a new scope for all workstations that excluded all devices in the pilot (which were in multiple device groups in Endpoint Manager).
To accomplish this I did the following:
- Created a dummy scheduled task and used my pilot device groups as targets in the task (you can also use a query, a scope, or individual devices here)
- Created a query that excluded machines that were part of this task
- Created a scope using that query
This new scope is what I used as a target for my legacy 3rd party task. This is an easy way to exclude a scope/device group/query from another scope/query. This can be very handy for more complex targeting.