You can create enrollment restrictions in Intune and block personal devices from enrolling. Only corporate methods will be allowed (Co-management, GPO, etc) https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set#blocking-personal-windows-devices
Intune Co-Management - MDM User Scope
School environment with loads of Windows 10 PC's managed by SCCM. We have Intune and have successfully enabled co-management.
Something I need to clarify. Currently in AAD the MDM User Scope is set to "All" and the MAM to "None." This was done following the walkthrough for co-management setup.
But to me this seems to have the consequence that students who buy new personal W10 devices can inadvertently end up enrolling onto the School's MDM.
All we want is for domain W10 devices to auto-enroll into Intune. What User Scope settings should I use?
1 additional answer
Sort by: Most helpful
-
Crystal-MSFT 48,001 Reputation points Microsoft Vendor
2020-10-12T04:27:13.677+00:00 @M.Burland , Agree with Nick, we can set the "Personally owned" as Block under Windows (MDM) in device restriction. Also, there's another setting "Device limit", if the user only has limited device, we can consider setting Device limit for the users.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.