ftrout
Brass Contributor
Sep 05, 2021

Block Windows 10 Personal Devices GCC-High

I have a customer that is looking to block Windows 10 personal devices within GCC-H. Since this environment still does not have Autopilot available and all their Windows 10 devices are AAD joined, it's not as simple as blocking it through device enrollment restrictions.

Wondering if anyone has come across this and found a solution.

  • djmehs
    Copper Contributor

    ftrout, we had to use Enrollment Restrictions. It's a real headache to manage, but basically we have a security group of users who are allowed to enroll any device (including Windows devices). We block everyone not in that group from enrolling PCs in Intune.

    When a user needs to set up a new computer and enroll in Azure AD and Intune via the OOBE, we add them to the group temporarily then remove them again once they complete the OOBE.

    It's been a real nightmare to manage and not having Autopilot in GCC-H yet has really been hurting us. I feel like it should be a priority for them but that doesn't appear to be the case. I think that's the one feature from Commercial that's been the hardest to live without since we migrated.

    • ftrout
      Brass Contributor
      I feel your pain, it seems like the only option is to think outside the box on this one. Thank you for your reply!
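
The temporary-membership workaround described in this thread leaves a standing enrollment exception whenever someone forgets the removal step. The read-only sweep below is an added example, not code from any poster or from Microsoft: it lists who is still in the allowed-to-enroll group and whether they have recently enrolled a Windows device. It assumes the Microsoft Graph PowerShell SDK is installed; the group ID is a placeholder and the 24-hour window is an arbitrary choice.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Groups, Microsoft.Graph.DeviceManagement
param(
    # Object ID of the security group allowed to enroll Windows devices (placeholder, supply your own)
    [Parameter(Mandatory)] [string] $GroupId,
    # Assumed grace period for a user to finish OOBE after being added to the group
    [int] $MaxHours = 24
)

# GCC-High tenants sit in the US Government national cloud, not the global endpoint.
# Read-only scopes: the sweep reports, removal stays a deliberate manual step.
Connect-MgGraph -Environment USGov `
    -Scopes 'GroupMember.Read.All', 'DeviceManagementManagedDevices.Read.All'

$cutoff = (Get-Date).ToUniversalTime().AddHours(-$MaxHours)

$report = foreach ($member in Get-MgGroupMember -GroupId $GroupId -All) {
    # Members come back as generic directory objects; only users carry a UPN.
    $upn = $member.AdditionalProperties['userPrincipalName']
    if (-not $upn) { continue }          # skip nested groups, devices, service principals

    # Escape single quotes so a UPN such as o'brien@... does not break the OData filter.
    $escaped = $upn -replace "'", "''"

    # Most recent Windows enrollment for this user (OS filtered client-side).
    $latest = Get-MgDeviceManagementManagedDevice -Filter "userPrincipalName eq '$escaped'" -All |
        Where-Object { $_.OperatingSystem -eq 'Windows' } |
        Sort-Object EnrolledDateTime -Descending |
        Select-Object -First 1

    # Assumption: a Windows enrollment inside the window means OOBE finished, so the
    # exception is no longer needed. Anything else is either still pending or was
    # left in the group after an earlier enrollment and needs a human decision.
    # EnrolledDateTime is compared against a UTC cutoff.
    $status = if ($latest -and $latest.EnrolledDateTime -ge $cutoff) {
        'ReadyToRemove'
    } else {
        'Review'
    }

    [pscustomobject]@{
        User                  = $upn
        LastWindowsEnrollment = $latest.EnrolledDateTime
        LastDeviceName        = $latest.DeviceName
        Status                = $status
    }
}

$report | Sort-Object Status, User | Format-Table -AutoSize
```

Running it on a schedule and alerting on any row that stays in `Review` across runs turns a forgotten removal into a visible finding rather than a silent exception.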
