Forum Discussion

Djaswant's avatar
Djaswant
Brass Contributor
Mar 07, 2024

Block Windows 10/11 Home enrollment

Hi all,

 

I was wondering if it's possible to block/restrict the enrollment of Windows 10/11 Home versions?
Does anyone have any experience with this or knows if it is even possible?

  • Djaswant 

     

    Hi you can't block Windows Home from registering to Intune directly, with some specific policy. What you can do is in the Device Platform Restrictions you can block Personally Owned enrollment. 

    https://learn.microsoft.com/en-us/mem/intune/enrollment/create-device-platform-restrictions

     

    This blocks any way an Windows Home version can enroll in Intune. If you need other types of devices to still enroll through Personally Owned you can create an Assignment Filter, see here: create-device-platform-restrictions

     

    ------

    Please click Mark as Best Response & Like if my post helped you to solve your issue.

    This will help others to find the correct solution easily. It also closes the item.

    If the post was useful in other ways, please consider giving it Like.

     

  • Djaswant 

     

    Hi you can't block Windows Home from registering to Intune directly, with some specific policy. What you can do is in the Device Platform Restrictions you can block Personally Owned enrollment. 

    https://learn.microsoft.com/en-us/mem/intune/enrollment/create-device-platform-restrictions

     

    This blocks any way an Windows Home version can enroll in Intune. If you need other types of devices to still enroll through Personally Owned you can create an Assignment Filter, see here: create-device-platform-restrictions

     

    ------

    Please click Mark as Best Response & Like if my post helped you to solve your issue.

    This will help others to find the correct solution easily. It also closes the item.

    If the post was useful in other ways, please consider giving it Like.

     

    • Djaswant's avatar
      Djaswant
      Brass Contributor
      Hi Sebastiaan,

      Thank you for responding. I've applied assignment filters on our policies and profiles, so that should be fine., but we don't want any Home devices in our Intune tenant.

      Thank you for the information regarding device platform restrictions, I will look into it!
      Seems like the best way to go at it.
  • NicklasOlsen's avatar
    NicklasOlsen
    Iron Contributor
    Hi,

    Do you want to restrict the enrollment of devices to Intune, or is it also to Azure AD?
    It's necessary for me to understand what you try to achieve because it's not easy to restrict only Windows 10/11 Home machines.

    Enrollment of personally owned devices can be blocked by enrollment restrictions in Intune, as Sebastian is mentioning. However, the user can still register the device in Azure AD 🙂
    • SebastiaanSmits's avatar
      SebastiaanSmits
      Steel Contributor
      Even if he will tell you it wil not help, it is not possible to stop AD Registering (certainly not on some detail like Windows Home). There is some Conditional Access trick with Hybrid Join: see here for example: https://www.reddit.com/r/Office365/s/WnqYrloZnQ

      Device Platform Restriction and stopping Intune Enrollment is the best you can do

Resources