How to stop user from ‘System Properties’ only?

TestUser 40 Reputation points
2024-07-14T18:34:42.41+00:00

I have my client Windows 10 device domain joined with Azure AD, and I am using Intune for the management. I want to assign the TestUser permission to everything on the domain-joined device except for going to ‘System Properties’ and adding an On-Premises join. I just specifically want to remove this access. How do I do it from the Intune configuration? I blocked the user from ‘Account’ so he can’t remove my Azure AD, but I can’t stop him from System Properties alone. I don’t want to block him from ‘System’ but just the ‘Computer name/domain change’.

 

Please help me

Note: I am using Azure AD + Intune for management and I do not use Win +R A2


1 answer

  1. Crystal-MSFT 53,981 Reputation points Microsoft External Staff
    2024-07-15T01:47:20.1133333+00:00

    @TestUser, thanks for posting in Q&A. You can deploy a "Device Restriction" policy to set System: Block and Accounts: Block to prevent users from accessing these areas.


    https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

