Forum Discussion
Block Windows 10/11 Home enrollment
Hi you can't block Windows Home from registering to Intune directly, with some specific policy. What you can do is in the Device Platform Restrictions you can block Personally Owned enrollment.
https://learn.microsoft.com/en-us/mem/intune/enrollment/create-device-platform-restrictions
This blocks any way an Windows Home version can enroll in Intune. If you need other types of devices to still enroll through Personally Owned you can create an Assignment Filter, see here: create-device-platform-restrictions
------
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Do you want to restrict the enrollment of devices to Intune, or is it also to Azure AD?
It's necessary for me to understand what you try to achieve because it's not easy to restrict only Windows 10/11 Home machines.
Enrollment of personally owned devices can be blocked by enrollment restrictions in Intune, as Sebastian is mentioning. However, the user can still register the device in Azure AD 🙂
- Even if he will tell you it wil not help, it is not possible to stop AD Registering (certainly not on some detail like Windows Home). There is some Conditional Access trick with Hybrid Join: see here for example: https://www.reddit.com/r/Office365/s/WnqYrloZnQ
Device Platform Restriction and stopping Intune Enrollment is the best you can do