Policy conflict handling mechanism
Currently, if a user is part of two user groups and a policy setting conflicts, the setting is not applied.
For example: a user is a part of the group 'All Company', which allows camera, and is also a part of the group 'project ABC', which restricts use of camera.
The more restrictive setting should be applied irrespective of whether these two groups have a parent-child relationship or not.
Brad Ainslie commented
This has to be the worst implementation of configuration policy. When using the OneDrive Automount policy, when a user is in two or more groups, the policy simply fails. How many employees in the typical company are part of multiple groups? This is ridiculous that I can't create a policy for both groups to Automount their OneDrive for Business group folder. I was able to use group policy for on-premises shared drives, I could map as many drives as I wanted, restricted by group membership, and never have a conflict because a user was part of multiple groups. Now that I'm in the cloud, I have to create a new group for everyone who has multiple group memberships and try to keep track of this? It's a nightmare.
Alexander Martin commented
Another possibility would be a way to "rank," "inherit," or otherwise structure profiles so that they have a particular order of application.
Alternatively, flagging a policy as "No Override" or similar would be a useful way to resolve this.
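
The three behaviours discussed in this thread, side by side, as an added example that is not part of the original posts and is not the product's own logic. The `Assignment` fields `rank` and `no_override`, the strategy names and the restrictiveness ordering are hypothetical, chosen only to model the post's camera example.

```python
from dataclasses import dataclass

# Constructed ordering for one setting: a higher number is more restrictive.
RESTRICTIVENESS = {"allow": 0, "block": 1}


@dataclass(frozen=True)
class Assignment:
    group: str
    value: str                 # "allow" or "block"
    rank: int = 100            # hypothetical: lower rank is applied first
    no_override: bool = False  # hypothetical "No Override" flag


def most_restrictive(assignments):
    return max(assignments, key=lambda a: RESTRICTIVENESS[a.value])


def resolve(assignments, strategy):
    """Return (effective value or None, deciding group or reason)."""
    if not assignments:
        return None, "no assignment"
    if len({a.value for a in assignments}) == 1:
        return assignments[0].value, "no conflict"
    if strategy == "skip_on_conflict":      # behaviour described in the post
        return None, "conflict"
    if strategy == "most_restrictive":      # behaviour requested in the post
        winner = most_restrictive(assignments)
    elif strategy == "ranked":              # rank / "No Override" from the comments
        pinned = [a for a in assignments if a.no_override]
        pool = pinned or assignments
        best = min(a.rank for a in pool)
        # Equal rank with different values: fall back to the stricter one.
        winner = most_restrictive([a for a in pool if a.rank == best])
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return winner.value, winner.group


# Constructed sample: the camera example from the post.
CAMERA = [
    Assignment("All Company", "allow", rank=20),
    Assignment("project ABC", "block", rank=10),
]

if __name__ == "__main__":
    for strategy in ("skip_on_conflict", "most_restrictive", "ranked"):
        print(strategy, resolve(CAMERA, strategy))
```

Under the ranked strategy a permissive assignment flagged `no_override` wins over a restrictive one, so in this model the right to set rank or the flag has to be controlled as tightly as the policy itself.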