Users registering in AD with company account

%3CLINGO-SUB%20id%3D%22lingo-sub-2452895%22%20slang%3D%22en-US%22%3EUsers%20registering%20in%20AD%20with%20company%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2452895%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I'm%20new%20to%20the%20AD%20world%2C%20I'll%20explain%20the%20problem%20we%20are%20facing%20at%20work%20rn%20and%20I%20hope%20someone%20could%20give%20us%20some%20kind%20of%20info%20about%20this.%3CBR%20%2F%3EWe%20have%20some%20users%20that%20adds%20their%20personal%20pc%20to%20our%20AD%20with%20this%20window%20(SSO)%20in%20teams%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Alessio_Bojo_0-1623840977473.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F289105i02D70D8152B8BDBD%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Alessio_Bojo_0-1623840977473.png%22%20alt%3D%22Alessio_Bojo_0-1623840977473.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3Ewe%20ask%20our%20users%20to%20click%20on%20%22no%2C%20sign%20in%20to%20this%20app%20only%22%2C%20but%20some%20go%20all%20the%20way%20to%20download%20authenticator%20and%20registering%20their%20device%20to%20AD%2C%20and%20the%20list%20expand%20day%20by%20day%20(we%20got%20more%20then%206k%20users).%20Is%20there%20any%20way%20to%20block%20this%20page%20or%20disable%20this%20function%20only%20for%20a%20group%20of%20users%20via%20a%20script%20or%20an%20option%20in%20device%20settings%3F%20They%20are%20educational%20accounts%2C%20not%20work%20accounts%20they%20don't%20need%20to%20enter%20our%20network%2C%20they%20just%20have%20to%20get%20the%20licenses%2C%20and%20in%20AD%20they're%20are%20seen%20as%20%22registered%22%20devices%20not%20%22joined%22%20if%20this%20helps.%20Thanks%20to%20whoever%20can%20give%20us%20some%20information%20about%20this%20issue%20%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%408341BD79091AF36AA2A09063B554B5CD%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2452895%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EEducation%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20Apps%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2454466%22%20slang%3D%22en-US%22%3ERe%3A%20Users%20registering%20in%20AD%20with%20company%20account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2454466%22%20slang%3D%22en-US%22%3EYou%20cannot%20disable%20it%20on%20the%20device%20(unless%20it's%20managed)%2C%20but%20you%20can%20control%20service-side%20which%20users%20are%20allowed%20to%20join%20a%20device%20to%20Azure%20AD%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fazureadjoin-plan%23users-may-join-devices-to-azure-ad%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fazureadjoin-plan%23users-may-join-devices-to-azure-ad%3C%2FA%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi, I'm new to the AD world, I'll explain the problem we are facing at work rn and I hope someone could give us some kind of info about this.
We have some users that adds their personal pc to our AD with this window (SSO) in teams

Alessio_Bojo_0-1623840977473.png

we ask our users to click on "no, sign in to this app only", but some go all the way to download authenticator and registering their device to AD, and the list expand day by day (we got more then 6k users). Is there any way to block this page or disable this function only for a group of users via a script or an option in device settings? They are educational accounts, not work accounts they don't need to enter our network, they just have to get the licenses, and in AD they're are seen as "registered" devices not "joined" if this helps. Thanks to whoever can give us some information about this issue :smile:

1 Reply
You cannot disable it on the device (unless it's managed), but you can control service-side which users are allowed to join a device to Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/devices/azureadjoin-plan#users-may-join-devi...