Forum Discussion
Block Company Portal Enrollment for BYOD Devices
- Apr 10, 2025
Hi Buddy
You can create multiple platform restriction policies and assign them; you DON'T have to use the default one.
Also have a look at app filters:
Create filters in Microsoft Intune | Microsoft Learn
Stuart
Thanks, there look to be some options here I can test with. The person who set this up before basically did one enrollment policy for all users, regardless of whether it was a BYOD or corporate-owned device. Corporate-owned devices are pushed via Apple Business Manager into Intune. The policy looks like it basically states that all Intune-licensed users can enroll their device using Company Portal. However, any users in a NOAccess group are blocked from enrollment.
My thought was adding a new group that is also blocked but is in the allow access for the App Protection policy. There was also a policy that required Company Portal for Outlook access. I put the group used for App Protection in the exclude, which allowed them to connect without Company Portal.
One test I did was that any user in the NoAccess group is not able to connect, even if they are in the app protection policy group. Just trying to be careful so I don't inadvertently block access.