Jan 05 2022 05:25 AM
Jan 13 2022 08:21 AM - edited Jan 13 2022 08:26 AM
"If I set the scope to All, everyone that signs in to the AAD with the correct license gets auto-enrolled? Or is it still on the device owner to go through the enrolment steps on the device?"
In my experience, it's all on the owner to enroll the device correctly. According to Microsoft's documentation, and the techs at MSFT Support, checking "All" gives the device owner the *option* to auto-enroll, but does not force the enrollment. They can still end up with an unmanaged device accessing company data. The only real control you have is Conditional Access, but that only allows you to block access if enrollment is not done properly. That's not "auto-enrollment." It's just an "I can't access my email" support call. I'm curious if there really is any way to auto-enroll BYOD devices? If there isn't, there should be a better way to control this process than what we have presently.