AllanWith
Apr 13, 2021 (Iron Contributor)
Approval flow for Azure AD Registration
Hello - is there a way to have an approval flow for getting a device Azure AD registered? We are an educational institution. Say we have a set of requirements for a registered device, in order fo...
VasilMichev
Apr 14, 2021 (MVP)
Are you talking about AAD Join or AAD registration, as those are different, with the latter being a requirement for O365 MDM/Intune. If AAD Join, you can limit it to specific users via the Azure AD blade > Devices > Device settings > Users may join devices to Azure AD selection.
- AllanWith
Apr 15, 2021 (Iron Contributor)
Hello Vasil, thank you for replying. I'm talking about registration, not join, as we know that we can limit that.
It could be BYOD devices that are owned by employees themselves, including their own PCs at home, but also devices they may not directly own themselves. We're concerned that if all it takes to AAD register a device is MFA, then they could in theory go borrow someone else's computer or maybe go to a netcafé or something like that, where they would have local admin, and then Azure AD register the device, without understanding what happens, and then start syncing files from OneDrive or whatever else they might want to do. But we also don't want to eliminate the BYOD scenario entirely, thus thinking that if we could have an approval flow for such devices, then maybe that could be a workable middle ground.
Hope that makes sense?
- VasilMichev
Apr 15, 2021 (MVP)
I think Microsoft's reasoning here is that you should be using the controls available within M365 MDM/Intune to address this, thus no granular control on Azure AD side.
- AllanWith
Apr 18, 2021 (Iron Contributor)
Thanks for that response - I'll post here, if we figure something out.