Forum Discussion
Prevent Azure AD & Intune Enrollment
Is there a way to prevent a user from connecting a personal/home PC to Azure AD and, more importantly, to prevent them from enrolling in Intune? We have a growing number of personal systems that show as Azure AD devices and a significant number of those are Intune enrolled.
TIA
~DGM~
Hi DGMalcolm ,
yes it is possible.
To block Intune enrollment you have the option to set enrollment restrictions
https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
For azure ad you have to option users may join azure ad. And you can allow azure ad join for some users, all users or block (none)
kind regards,
rene
- Mr_HelaasSteel Contributor
Hi DGMalcolm ,
yes it is possible.
To block Intune enrollment you have the option to set enrollment restrictions
https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
For azure ad you have to option users may join azure ad. And you can allow azure ad join for some users, all users or block (none)
kind regards,
rene
- DGMalcolmIron ContributorThank you for this, it's given me a good start.
- setting up server side prevention by configuring the enrollment restrictions is indeed the way to go
https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/#part1
As configuring a registry key for each device (or using a gpo) client side isn't the best method