Just to get things straight, could someone point me in the right direction.
Enrolling devices either by Azure AD join or Azure AD register, so far so good.
The difference between those types:
Azure AD Join (CYOD): Bitloker, Update rings seems to be working fine.
Azure AD registered (BYOD): Bitlocker, Update rings - are those applicable here too?
Another question, I have created to dynamic groups. One that collects all devices corporate owned, running Windows 10, and all devices personal owned, running Windows 10.
Company portal are added to both dynamic groups.
I have added Microsoft Store for business sync, running fine. But what about those games that are installed, cant we remove those? Its like they are installed default when the Company portal installs on the devices.
Some apps are not really installed but are suggestions, that can be turned off via Settings, Personalization, Start and switch off Show suggestions occasionally in Start. Or set an Intune policy to block those suggestions. Store apps which are indeed installed by default in Windows can be removed using the Business Store. Have a look at the article I wrote recently about removing Windows 10 apps https://www.inthecloud247.com/uninstall-windows-10-apps-with-intune/