Home

Controlling AAD device registrations

%3CLINGO-SUB%20id%3D%22lingo-sub-207369%22%20slang%3D%22en-US%22%3EControlling%20AAD%20device%20registrations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-207369%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20we%20control%20users%20'registering'%20their%20devices%20with%20Azure%20AD.%20Currently%2C%20we%20don't%20allow%20anyone%20to%20'join'%20the%20device%20with%20AAD.%20However%2C%20control%20to%20'register'%20the%20device%20is%20disabled%20with%20a%20message%20saying%26nbsp%3B%20%3CEM%3E%22Allow%20users%20to%20register%20their%20devices%20with%20Azure%20AD%20(Workplace%20Join).%20Enrollment%20with%20Microsoft%20Intune%20or%20Mobile%20Device%20Management%20for%20Office%20365%20requires%20Device%20Registration.If%20you%20have%20configured%20either%20of%20these%20services%2C%20ALL%20will%20be%20selected%20and%20the%20button%20will%20be%20disabled.%22%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%2C%20no%20one%20in%20the%20organisation%20can%20recall%20ever%20configuring%20MDM%20or%20InTune.%20May%20be%20it's%20activated%20by%20Microsoft%20by%20default.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-207369%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAAD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDevice%20enrollment%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDevice%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-207587%22%20slang%3D%22en-US%22%3ERe%3A%20Controlling%20AAD%20device%20registrations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-207587%22%20slang%3D%22en-US%22%3E%3CP%3EIntune%20is%20a%20separate%20subscription%2C%20so%20unless%20you%20paid%20for%20it%2Ftrialed%20it%2C%20it%20shouldn't%20be%20available.%20MDM%20is%20part%20of%20all%20O365%20Enterprise%20plans%20though%2C%20so%20if%20you%20are%20using%20such%20plan%20you%20can%20assume%20it's%26nbsp%3BMDM's%26nbsp%3B%22fault%22.%20Even%20if%20you%20haven't%20configured%20any%20additional%20policies%20for%20it%20(as%20found%20under%20%3CA%20href%3D%22https%3A%2F%2Fprotection.office.com%2F%3Frfr%3DAdminCenter%23%2Fdevicev2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fprotection.office.com%2F%3Frfr%3DAdminCenter%23%2Fdevicev2%3C%2FA%3E)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Gurdev Singh
Contributor

How can we control users 'registering' their devices with Azure AD. Currently, we don't allow anyone to 'join' the device with AAD. However, control to 'register' the device is disabled with a message saying  "Allow users to register their devices with Azure AD (Workplace Join). Enrollment with Microsoft Intune or Mobile Device Management for Office 365 requires Device Registration.If you have configured either of these services, ALL will be selected and the button will be disabled."

 

Now, no one in the organisation can recall ever configuring MDM or InTune. May be it's activated by Microsoft by default.

 

 

 

1 Reply

Intune is a separate subscription, so unless you paid for it/trialed it, it shouldn't be available. MDM is part of all O365 Enterprise plans though, so if you are using such plan you can assume it's MDM's "fault". Even if you haven't configured any additional policies for it (as found under https://protection.office.com/?rfr=AdminCenter#/devicev2)

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies