Home

Controlling AAD device registrations

%3CLINGO-SUB%20id%3D%22lingo-sub-207369%22%20slang%3D%22en-US%22%3EControlling%20AAD%20device%20registrations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-207369%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20we%20control%20users%20'registering'%20their%20devices%20with%20Azure%20AD.%20Currently%2C%20we%20don't%20allow%20anyone%20to%20'join'%20the%20device%20with%20AAD.%20However%2C%20control%20to%20'register'%20the%20device%20is%20disabled%20with%20a%20message%20saying%26nbsp%3B%20%3CEM%3E%22Allow%20users%20to%20register%20their%20devices%20with%20Azure%20AD%20(Workplace%20Join).%20Enrollment%20with%20Microsoft%20Intune%20or%20Mobile%20Device%20Management%20for%20Office%20365%20requires%20Device%20Registration.If%20you%20have%20configured%20either%20of%20these%20services%2C%20ALL%20will%20be%20selected%20and%20the%20button%20will%20be%20disabled.%22%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%2C%20no%20one%20in%20the%20organisation%20can%20recall%20ever%20configuring%20MDM%20or%20InTune.%20May%20be%20it's%20activated%20by%20Microsoft%20by%20default.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-207369%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAAD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDevice%20enrollment%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDevice%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-207587%22%20slang%3D%22en-US%22%3ERe%3A%20Controlling%20AAD%20device%20registrations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-207587%22%20slang%3D%22en-US%22%3E%3CP%3EIntune%20is%20a%20separate%20subscription%2C%20so%20unless%20you%20paid%20for%20it%2Ftrialed%20it%2C%20it%20shouldn't%20be%20available.%20MDM%20is%20part%20of%20all%20O365%20Enterprise%20plans%20though%2C%20so%20if%20you%20are%20using%20such%20plan%20you%20can%20assume%20it's%26nbsp%3BMDM's%26nbsp%3B%22fault%22.%20Even%20if%20you%20haven't%20configured%20any%20additional%20policies%20for%20it%20(as%20found%20under%20%3CA%20href%3D%22https%3A%2F%2Fprotection.office.com%2F%3Frfr%3DAdminCenter%23%2Fdevicev2%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fprotection.office.com%2F%3Frfr%3DAdminCenter%23%2Fdevicev2%3C%2FA%3E)%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

How can we control users 'registering' their devices with Azure AD. Currently, we don't allow anyone to 'join' the device with AAD. However, control to 'register' the device is disabled with a message saying  "Allow users to register their devices with Azure AD (Workplace Join). Enrollment with Microsoft Intune or Mobile Device Management for Office 365 requires Device Registration.If you have configured either of these services, ALL will be selected and the button will be disabled."

 

Now, no one in the organisation can recall ever configuring MDM or InTune. May be it's activated by Microsoft by default.

 

 

 

1 Reply

Intune is a separate subscription, so unless you paid for it/trialed it, it shouldn't be available. MDM is part of all O365 Enterprise plans though, so if you are using such plan you can assume it's MDM's "fault". Even if you haven't configured any additional policies for it (as found under https://protection.office.com/?rfr=AdminCenter#/devicev2)