Limit this policy to the following users... or computer groups???

Sounds like you're referring to the wording when creating a policy via the assistant, correct? If so, the wording I see is "limit the scope of this policy to specific user groups" and yes it only applies to User Groups, like AD groups, not Computer Groups. You'll need to use Smart or Static groups in the JSS if you need to limit it to those.
Someone correct me if I'm wrong about that.

AD groups can be machine based as well and thats what I am referring to.

TBH I have not tested it.

I assumed that it was based on the login passed to Self Service if you have logins enabled, which is how I use it, but I do not *KNOW*

Try it and let us know! :D

I was hoping someone had the answer so I wouldn't have to add this to my growing list of things to do :(

To be clear I am actually trying to use this for MCX's. I noticed this limit this policy to... option and it accepts a machine group. Currently I am using an Extension Attribute I wrote to pull down the AD group.

AD groups can be machine based as well and thats what I am referring to.

True, but my understanding of this feature was that it did not apply to machine groups, only user based. Again, I could be wrong, but that's how I understand it currently.

Do I smell a Feature Request!

Hey Matt,

Not sure exactly what you are trying to scope, but I am willing to bet a smart group based off an extension attribute could accomplish this. You want to scope to OD computer groups? Have you looked into that method yet?

Thanks,
Tom

Yea for me it woud be a Smart Group based on computer name which reflects the OUs in AD but what he wants to do is an interesting question. ;)