Stephen Bell
Iron Contributor
Jul 24, 2017

Surface Pro, EMS, Azure AD Join & Device Enrollment Managers

Hello all,

My company just purchased some EMS licenses with the intention of deploying some Surface Pro devices to our mobile workforce.

If these are joined to Azure AD using a Device Enrollment Manager account - do these limitations still apply?  Having no specific device user?  Not being able to use per-user conditional access policies?

I guess I understand this with an iOS device -- because it only has 1 user - but with a Windows device, the user authenticates with their Azure AD credentials, I would hope that user specific configuration would be able to apply to the device?

 

Any input would be appreciated.

 

Thanks

sb

  • For Windows 1703, you can enroll those devices with a DEM account. Conditional access will work with a non-DEM account once the account logs in.
