Device Limitations not working due to Azure Joined Windows

Unbeknownst to me, none of our Windows laptops that are auto-enrolled into Intune via Azure AD join are included in the device limitation, so we can't "limit" the number of devices an employee is allowed to have.

So if Intune cannot include these laptops that all employees have, I assume I must then change the limitation to 1 device, which would be a cellphone (since we supply all employees with one). That solves the issue of not adding more than 1 mobile device (since the conditional access policy will force them to enroll if they try to add email or apps to a different phone), but what about multiple laptops?

I know the risk is less, but there is nothing stopping an employee from joining another laptop to Azure, as it only requires an email, password and MFA, which they have. I can't change the Azure device limitation to 1 because Azure also lists the devices from Intune, so won't that cause an issue there?

There seem to be so many things Microsoft didn't think about. Yes, we love the auto-enroll with Intune since it's easy, but now we can't limit?
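The gap the post describes is easier to reason about with the two inventories side by side: the devices Intune has enrolled per user (with the Windows devices that arrived through Azure AD join and auto-enrollment separated out, since the post reports those are not counted toward the Intune device limit) and the device objects Azure AD holds for the same user (joined vs. registered, which is the population the Azure AD per-user device maximum sees). The script below is an added example and is not code from the thread or from Microsoft. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in admin has the DeviceManagementManagedDevices.Read.All, Device.Read.All and User.Read.All scopes; the deviceEnrollmentType names it treats as "exempt" are the Graph enum values for the non-user-driven Windows enrollment paths, the per-OS ceiling is a parameter, and the sample data behind -UseSampleData is constructed so the reporting logic can be run without a tenant.

```powershell
# Added example (not from the thread or Microsoft). Builds a per-user report that puts the
# devices Intune counts toward its enrollment limit next to the Windows devices enrolled via
# Azure AD join / auto-enrollment, and flags users who exceed a ceiling for one OS.
# Assumptions: Microsoft.Graph SDK installed; caller holds DeviceManagementManagedDevices.Read.All,
# Device.Read.All and User.Read.All. Sample data under -UseSampleData is constructed.
param(
    [string]$OperatingSystem = 'Android',  # OS to enforce a per-user ceiling on
    [int]$MaxPerUser = 1,                  # one phone per person, as the post wants
    [switch]$UseSampleData                 # exercise the logic against constructed data, no tenant needed
)

# Windows enrollment paths that do not go through user-driven enrollment (Graph deviceEnrollmentType values).
$ExemptEnrollmentTypes = @(
    'windowsAzureADJoin', 'windowsAzureADJoinUsingDeviceAuth',
    'windowsAutoEnrollment', 'windowsCoManagement', 'windowsBulkAzureDomainJoin'
)

function Get-DeviceLimitReport {
    param(
        [Parameter(Mandatory)] [object[]]$ManagedDevices,    # Intune managedDevice objects
        [Parameter(Mandatory)] [hashtable]$AadDevicesByUser, # UPN -> Azure AD device objects (DisplayName, TrustType)
        [string]$OperatingSystem,
        [int]$MaxPerUser
    )
    $ManagedDevices |
        Where-Object { $_.UserPrincipalName } |
        Group-Object UserPrincipalName |
        ForEach-Object {
            $upn     = $_.Name
            $devs    = @($_.Group)
            $exempt  = @($devs | Where-Object { $ExemptEnrollmentTypes -contains $_.DeviceEnrollmentType })
            $counted = @($devs | Where-Object { $ExemptEnrollmentTypes -notcontains $_.DeviceEnrollmentType })
            $ofOs    = @($devs | Where-Object { $_.OperatingSystem -like "$OperatingSystem*" })
            $aad     = @($AadDevicesByUser[$upn])
            [pscustomobject]@{
                User               = $upn
                IntuneTotal        = $devs.Count
                CountedTowardLimit = $counted.Count
                ExemptWindowsJoins = $exempt.Count
                AzureAdJoined      = @($aad | Where-Object { $_.TrustType -eq 'AzureAd' }).Count    # AADJ laptops
                AzureAdRegistered  = @($aad | Where-Object { $_.TrustType -eq 'Workplace' }).Count  # MDM-enrolled phones show up here too
                OfTargetOS         = $ofOs.Count
                OverLimit          = $ofOs.Count -gt $MaxPerUser
            }
        }
}

if ($UseSampleData) {
    # Constructed sample: alice has an AADJ laptop plus two Android phones, bob has one of each.
    $managed = @(
        [pscustomobject]@{ UserPrincipalName='alice@contoso.example'; DeviceName='LAPTOP-A1';  OperatingSystem='Windows'; DeviceEnrollmentType='windowsAzureADJoin' }
        [pscustomobject]@{ UserPrincipalName='alice@contoso.example'; DeviceName='Pixel-7';    OperatingSystem='Android'; DeviceEnrollmentType='userEnrollment' }
        [pscustomobject]@{ UserPrincipalName='alice@contoso.example'; DeviceName='Galaxy-S22'; OperatingSystem='Android'; DeviceEnrollmentType='userEnrollment' }
        [pscustomobject]@{ UserPrincipalName='bob@contoso.example';   DeviceName='LAPTOP-B1';  OperatingSystem='Windows'; DeviceEnrollmentType='windowsAzureADJoin' }
        [pscustomobject]@{ UserPrincipalName='bob@contoso.example';   DeviceName='Pixel-6';    OperatingSystem='Android'; DeviceEnrollmentType='userEnrollment' }
    )
    $aad = @{
        'alice@contoso.example' = @(
            [pscustomobject]@{ DisplayName='LAPTOP-A1';  TrustType='AzureAd' }
            [pscustomobject]@{ DisplayName='Pixel-7';    TrustType='Workplace' }
            [pscustomobject]@{ DisplayName='Galaxy-S22'; TrustType='Workplace' }
        )
        'bob@contoso.example' = @(
            [pscustomobject]@{ DisplayName='LAPTOP-B1';  TrustType='AzureAd' }
            [pscustomobject]@{ DisplayName='Pixel-6';    TrustType='Workplace' }
        )
    }
} else {
    Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All','Device.Read.All','User.Read.All' -NoWelcome
    $managed = Get-MgDeviceManagementManagedDevice -All
    $aad = @{}
    foreach ($upn in ($managed.UserPrincipalName | Where-Object { $_ } | Sort-Object -Unique)) {
        # ownedDevices returns directoryObjects; the device fields live in AdditionalProperties.
        $aad[$upn] = @(Get-MgUserOwnedDevice -UserId $upn -All | ForEach-Object {
            [pscustomobject]@{
                DisplayName = $_.AdditionalProperties['displayName']
                TrustType   = $_.AdditionalProperties['trustType']
            }
        })
    }
}

Get-DeviceLimitReport -ManagedDevices $managed -AadDevicesByUser $aad `
    -OperatingSystem $OperatingSystem -MaxPerUser $MaxPerUser |
    Sort-Object OfTargetOS -Descending | Format-Table -AutoSize
```

Run it with -UseSampleData first: alice comes out with OverLimit = True (two Android devices against a ceiling of one) while her AADJ laptop appears under ExemptWindowsJoins rather than CountedTowardLimit, which is the mismatch the post is describing. Against a live tenant the same report shows which users already hold more phones than the limit you are about to set, so you can clean up before tightening it.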

3 Replies
Why not make sure you configure device restrictions, so people can't enroll their personal devices? (Windows/iOS/Android)
As an example, when enrollment of personal Windows devices is blocked, only Autopilot can be used. So you don't need to worry about the number of devices a user can enroll.

https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/

Also, another quick note: you could also make sure that only users with the required license are allowed to add a device.

We use Azure AD, so a user won't be able to join their personal Windows devices to Azure, so that's not our concern. Our concern is with users adding multiple Android devices. The conditional access policy does block them from using the apps and enforces Intune, but the group they are a member of allows Android, so we need to limit the number of Androids they can enroll.

Hi... could you explain the sentence "we use Azure AD, so a user won't be able to join their personal Windows devices to Azure"?
I assume you configured the device restriction to do so...

Looking back at the original question... you didn't talk about Android? Or did I get it wrong?
But if you are requiring compliant/enrolled Android devices before they can access the data... yes, you need to enroll them... Maybe a better idea would be to use app protection on those devices instead of enrolling them all?