By Joel Stevens - Microsoft Support Escalation Engineer | Microsoft Endpoint Manager - Intune
When setting up mobile device management (MDM) for your Microsoft 365 organization, you activate Basic Mobility and Security to manage access control, and create and apply a device security policy to groups of users. When targeted users sign in to Microsoft 365 from their mobile devices, they will be prompted to enroll their devices in Basic Mobility and Security using the Intune Company Portal. Their access to email, OneDrive, and other services is restricted until they complete enrollment. An example notification is below:
You can find more information on the enrollment process for mobile device in Office 365 here
After implementing Basic Mobility and Security in your environment, you might decide to stop enforcing access control. There are different strategies to consider to minimize the impact to your end-users.
Note: It is not currently possible to “turn off” Basic Mobility and Security. If you are switching to a third-party MDM provider, then you can follow the steps in this article to remove access control and there should not be any further impact. There is no need to contact Microsoft Support unless you plan to use System Center Configuration Manager to manage your mobile devices via Microsoft Intune.
Temporarily unblock a device
If you want to temporarily unblock a noncompliant or unsupported device, you can manually override the quarantine rules.
Note: This action is only available in the Classic Exchange admin center.
Under the heading "Are there any security groups you want to exclude from access control?", select the + Add button and add the desired users based on security groups.
Organization-wide device access settings.
Stop enforcing access control across your organization
If you prefer to stop Intune enrollment requests for your entire organization, then you should delete all device security policies. Alternatively, you can edit the policy’s deployment settings to remove access control for specific security groups.
Note: Due to the way devices are granted access to email and other Microsoft 365 resources, it can take up to eight hours before access is restored after deleting the security policy. See the second option above for steps to lift the quarantine sooner.