Feb 07 2024 02:39 AM
Dear community members,
One of our clients are using Intune as their MDM system.
Now I've come across the following issue.
Some users lost or forgot their laptop and then they will use a loan laptop. This device is Intune enrolled and Entra ID joined. Once they sign in it will go through the OOBE proces. Is there a solution to prevent this, shared devices profile?
Feb 12 2024 01:57 AM - edited Feb 12 2024 01:58 AM
You could configure the ESP profile for that, set the option "Only show page to devices provisioned by out-of-box experience (OOBE)" to Yes
Use this setting to stop the enrollment status page from reappearing to every new user who signs into the device. Your options:
No: The enrollment status page is shown during the device phase and the out-of-box experience (OOBE). The page is also shown during the user phase to every user who signs into the device for the first time.
Yes: The enrollment status page is shown during the device phase and the OOBE. The page is also shown during the user phase, but only to the first user who signs into the device. It isn't shown to subsequent users who sign into the device.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If one of the posts was helpful in other ways, please consider giving it a Like.
Feb 19 2024 12:29 AM
Feb 19 2024 12:39 AM
Feb 19 2024 12:47 AM
Feb 19 2024 12:52 AM
Yes, that's correct. The setting is only for OOBE/Autopilot devices (provisioned by out-of-box experience (OOBE)).
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If one of the posts was helpful in other ways, please consider giving it a Like.
Feb 19 2024 12:58 AM
Feb 19 2024 01:05 AM - edited Feb 19 2024 01:06 AM
For any new user on that device, yes, I don't think that changing the setting will force an ESP page on all existing devices that use the "Access work or school" option... Perhaps using enrollment restrictions to block enrolling devices outside of the autopilot process (https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set#blocking-persona...) would help to prevent users from enrolling their devices like that (When they enroll a personal device, they receive the question if their current account should be made admin of the machine)