cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Prevent Azure AD & Intune Enrollment

DGMalcolm
Iron Contributor

‎Jul 24 2022 01:22 PM

‎Jul 24 2022 01:22 PM

Prevent Azure AD & Intune Enrollment

Is there a way to prevent a user from connecting a personal/home PC to Azure AD and, more importantly, to prevent them from enrolling in Intune? We have a growing number of personal systems that show as Azure AD devices and a significant number of those are Intune enrolled.

 

TIA

~DGM~

Labels:
1,383 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by DGMalcolm (Iron Contributor)
Mr_Helaas

‎Jul 24 2022 03:03 PM

‎Jul 24 2022 03:03 PM

Solution

Re: Prevent Azure AD & Intune Enrollment

Hi @DGMalcolm ,

 

yes it is possible.

 

To block Intune enrollment you have the option to set  enrollment restrictions 

 

https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set

 

For azure ad you have to option users may join azure ad. And you can allow azure ad join for some users, all users or block (none)

 

https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal#confi...

 

kind regards,

 

rene 

0 Likes
Reply
Rudy_Ooms_MVP

‎Jul 24 2022 11:19 PM

‎Jul 24 2022 11:19 PM

Re: Prevent Azure AD & Intune Enrollment

setting up server side prevention by configuring the enrollment restrictions is indeed the way to go
https://call4cloud.nl/2021/08/the-battle-between-aadj-and-aadr/#part1
As configuring a registry key for each device (or using a gpo) client side isn't the best method
0 Likes
Reply
DGMalcolm

‎Jul 30 2022 07:42 AM

‎Jul 30 2022 07:42 AM

Re: Prevent Azure AD & Intune Enrollment

Thank you for this, it's given me a good start.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by DGMalcolm (Iron Contributor)
Mr_Helaas

‎Jul 24 2022 03:03 PM

‎Jul 24 2022 03:03 PM

Solution

Re: Prevent Azure AD & Intune Enrollment

Hi @DGMalcolm ,

 

yes it is possible.

 

To block Intune enrollment you have the option to set  enrollment restrictions 

 

https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set

 

For azure ad you have to option users may join azure ad. And you can allow azure ad join for some users, all users or block (none)

 

https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal#confi...

 

kind regards,

 

rene 

View solution in original post

0 Likes
Reply