Forum Discussion
Windows Information Protection & the Windows Home edition conundrum
I guess you already tried this: device restriction settings in MS Intune profiles?
https://docs.microsoft.com/en-us/intune/device-restrictions-configure
On Windows 8.1 and later you can enforce encryption of files
WIP is appealing for BYO scenarios since it only applies to corporate data / apps, rather than wholesale applying overbearing policies to every part of the device, specifically causing constraints in the context of encryption (requirement for MS accounts; requirement for InstantGo hardware certification etc).
It appears the trade-off of not implementing the overbearing policies is an incomplete picture, if those on a Home edition can simply bypass the policies - and there's no way to conditionally stop them.
Despite there being an "operatingSystemEdition" field within the hardwareInformation properties of managedDevices in Graph, Intune isn't filling this in, so we can't even create dynamic groups based on OS edition.
+1 - nothing more to add!
