cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Block Windows 10/11 Home enrollment

Djaswant
Brass Contributor

‎Mar 07 2024 07:09 AM

‎Mar 07 2024 07:09 AM

Block Windows 10/11 Home enrollment

Hi all,

 

I was wondering if it's possible to block/restrict the enrollment of Windows 10/11 Home versions?
Does anyone have any experience with this or knows if it is even possible?

347 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Djaswant (Brass Contributor)
SebastiaanSmits

‎Mar 07 2024 10:30 PM

‎Mar 07 2024 10:30 PM

Solution

Re: Block Windows 10/11 Home enrollment

@Djaswant 

 

Hi you can't block Windows Home from registering to Intune directly, with some specific policy. What you can do is in the Device Platform Restrictions you can block Personally Owned enrollment. 

https://learn.microsoft.com/en-us/mem/intune/enrollment/create-device-platform-restrictions

 

This blocks any way an Windows Home version can enroll in Intune. If you need other types of devices to still enroll through Personally Owned you can create an Assignment Filter, see here: create-device-platform-restrictions

 

------

Please click Mark as Best Response & Like if my post helped you to solve your issue.

This will help others to find the correct solution easily. It also closes the item.

If the post was useful in other ways, please consider giving it Like.

 

0 Likes
Reply
NicklasOlsen

‎Mar 08 2024 09:36 AM

‎Mar 08 2024 09:36 AM

Re: Block Windows 10/11 Home enrollment

Hi,

Do you want to restrict the enrollment of devices to Intune, or is it also to Azure AD?
It's necessary for me to understand what you try to achieve because it's not easy to restrict only Windows 10/11 Home machines.

Enrollment of personally owned devices can be blocked by enrollment restrictions in Intune, as Sebastian is mentioning. However, the user can still register the device in Azure AD :)
0 Likes
Reply
SebastiaanSmits

‎Mar 08 2024 10:12 AM

‎Mar 08 2024 10:12 AM

Re: Block Windows 10/11 Home enrollment

Even if he will tell you it wil not help, it is not possible to stop AD Registering (certainly not on some detail like Windows Home). There is some Conditional Access trick with Hybrid Join: see here for example: https://www.reddit.com/r/Office365/s/WnqYrloZnQ

Device Platform Restriction and stopping Intune Enrollment is the best you can do
1 Like
Reply
Djaswant

‎Mar 11 2024 02:50 AM

‎Mar 11 2024 02:50 AM

Re: Block Windows 10/11 Home enrollment

Hi Sebastiaan,

Thank you for responding. I've applied assignment filters on our policies and profiles, so that should be fine., but we don't want any Home devices in our Intune tenant.

Thank you for the information regarding device platform restrictions, I will look into it!
Seems like the best way to go at it.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Djaswant (Brass Contributor)
SebastiaanSmits

‎Mar 07 2024 10:30 PM

‎Mar 07 2024 10:30 PM

Solution

Re: Block Windows 10/11 Home enrollment

@Djaswant 

 

Hi you can't block Windows Home from registering to Intune directly, with some specific policy. What you can do is in the Device Platform Restrictions you can block Personally Owned enrollment. 

https://learn.microsoft.com/en-us/mem/intune/enrollment/create-device-platform-restrictions

 

This blocks any way an Windows Home version can enroll in Intune. If you need other types of devices to still enroll through Personally Owned you can create an Assignment Filter, see here: create-device-platform-restrictions

 

------

Please click Mark as Best Response & Like if my post helped you to solve your issue.

This will help others to find the correct solution easily. It also closes the item.

If the post was useful in other ways, please consider giving it Like.

 

View solution in original post

0 Likes
Reply