Forum Discussion
Documentation about Inune only enrollment on Microsoft Docs and use cases
Hello, I was reading this doc: https://docs.microsoft.com/en-us/archive/blogs/nzedu/10-ways-to-enroll-windows-10-into-intune and to view all of the 10 ways, it was suggested to go to this page:...
- If you don't do an Azure AD join, the user doesn't login with his AAD credentials. This isn't desired
A user can always change policies if the user is a local admin on his device. With this enrollment method this is always the case.
I would strongly advise that a user isn't a local admin. You can use the site I linked above to check what enrollment suits you best
Thank you, appreciate that!
I'm just trying to evaluate different approaches. I think if a device is only joined to MDM and not AAD, it is less secure and less controlled, right? because the user still has full Admin rights.
and more importantly, the group policies that I set in MDM for that device, can be changed by the user of that device, am I right?
I'm just trying to evaluate different approaches. I think if a device is only joined to MDM and not AAD, it is less secure and less controlled, right? because the user still has full Admin rights.
and more importantly, the group policies that I set in MDM for that device, can be changed by the user of that device, am I right?
If you don't do an Azure AD join, the user doesn't login with his AAD credentials. This isn't desired
A user can always change policies if the user is a local admin on his device. With this enrollment method this is always the case.
I would strongly advise that a user isn't a local admin. You can use the site I linked above to check what enrollment suits you best
A user can always change policies if the user is a local admin on his device. With this enrollment method this is always the case.
I would strongly advise that a user isn't a local admin. You can use the site I linked above to check what enrollment suits you best
