Preventing Azure AD Registration / Microsoft Support can not help
To prevent users from registering their personal Windows devices in Azure AD, you can configure the device registration settings in Azure AD. Here's how you can achieve this:
1. Sign in to the Azure portal (https://portal.azure.com) using your administrator account.
2. Navigate to the Azure Active Directory service.
3. In the Azure Active Directory blade, go to "Devices" and then select "Device settings."
4. Under the "Device settings" section, locate the option "Users may register their devices with Azure AD" and set it to "No."
5. Save the changes by clicking on the "Save" button.
By disabling user device registration in Azure AD, users will no longer be able to register their personal Windows devices with Azure AD.
It's important to note that this configuration will only prevent users from registering personal Windows devices. Organization-owned devices that are provisioned and managed by your organization will still be able to join Azure AD as part of the device management process.
Additionally, keep in mind that this setting may impact other scenarios where device registration is required, such as accessing certain Microsoft 365 services or using Azure AD features like conditional access. Consider reviewing your organization's requirements and evaluating the impact of this configuration before applying it.
- James1315, Jul 10, 2023, Copper Contributor
Hi,
Yes, this is the configuration from the first position in my post. The button is greyed out and I can disable this via the PS command:
    Get-AzureADServicePrincipal -Filter "DisplayName eq 'Microsoft Intune'" | Set-AzureADServicePrincipal -AccountEnabled $false
But this disabled the Intune functionality entirely.
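
Added example (not part of either post above, and not Microsoft's own code): a read-only way to see what the "Users may register their devices with Azure AD" setting currently allows and whether it is locked, by interpreting the Microsoft Graph deviceRegistrationPolicy object. The function names are hypothetical, the JSON is a constructed sample so the script runs offline, and treating isAdminConfigurable = false as the greyed-out portal control is an assumption.

```powershell
# To read the live policy instead of the sample (Microsoft.Graph.Authentication module):
#   Connect-MgGraph -Scopes 'Policy.Read.DeviceConfiguration'
#   $policy = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
#       -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy'

# Constructed sample response; not taken from any real tenant.
$sampleJson = @'
{
  "azureADRegistration": {
    "isAdminConfigurable": false,
    "allowedToRegister": { "@odata.type": "#microsoft.graph.allDeviceRegistrationMembership" }
  },
  "azureADJoin": {
    "isAdminConfigurable": true,
    "allowedToJoin": { "@odata.type": "#microsoft.graph.noDeviceRegistrationMembership" }
  }
}
'@

# Hypothetical helper: map the membership type to the wording used in the portal.
function Get-RegistrationScope {
    param([Parameter(Mandatory)] $Membership)
    switch -Wildcard ($Membership.'@odata.type') {
        '*allDeviceRegistrationMembership'        { 'All users' }
        '*enumeratedDeviceRegistrationMembership' { 'Selected users/groups' }
        '*noDeviceRegistrationMembership'         { 'None' }
        default                                   { "Unknown ($_)" }
    }
}

# Hypothetical helper: summarise who may register or join, and whether an admin can change it.
function Test-DeviceRegistrationPolicy {
    param([Parameter(Mandatory)] $Policy)
    [pscustomobject]@{
        RegistrationScope        = Get-RegistrationScope $Policy.azureADRegistration.allowedToRegister
        RegistrationConfigurable = [bool]$Policy.azureADRegistration.isAdminConfigurable
        JoinScope                = Get-RegistrationScope $Policy.azureADJoin.allowedToJoin
        JoinConfigurable         = [bool]$Policy.azureADJoin.isAdminConfigurable
    }
}

$report = Test-DeviceRegistrationPolicy ($sampleJson | ConvertFrom-Json)
$report | Format-List
if (-not $report.RegistrationConfigurable) {
    Write-Warning 'Registration setting is locked; it cannot be changed from Device settings.'
}
```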