We allow in our environment that our users can logon to Microsoft Services on their personal computers, so they can use Office in their personal computers.
As we use Azure AD integration with Intune, that means that the personal computers are onboarded into Intune, and then (as we have Intune integrated with Defender) integrated with 365 Defender. That means that we end up with unmanaged computers on Intune and Defender, which on Defender it's quite bad, as we are receiving a lot of alerts related to unmanaged machines, and also vulnerabilities to deal with. We don't want to manage this machines for now.
So, is it possible to allow the users to logon on their personal machines, so they can use Office, but do not allow personal devices to integrate to Intune?