![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 34%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES5%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,633 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 74%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hello @SUIKA-5822,
Based on your description Auto MDM enrollment is enabled and you want to know the behavior when User signs into OneDrive with their work or school account and receives a sign-in pop up and select No, this app only. In this scenario since the user has selected only "No, this app only” this prevents the device from being Azure AD registered, or Azure AD joined. The sign-in will only receive a token for the app login (in this case OneDrive). So, the device will not be Azure AD joined or registered. Auto MDM enrollment will not be triggered in this scenario as the user selected "No, this app only” option.
To understand the prompt more properly we will go through the actions which get executed based on the selections done in the prompt.
There are 3 selections in the prompt.
- Yes, all apps: Allows your work or school account to sign you into other desktop apps and websites you use on this device.
- No, this app only: Signs you into the current app only, without affecting other apps.
- Allow my organization to manage this device: Enabling this allows your organization to enroll your device in Mobile Device Management (MDM), granting them the ability to manage device settings and security policies.
The different scenarios based on selections given that Auto MDM enrollment is ON:
- Selecting "Yes, all apps" and checking "Allow my organization to manage this device" : Device will get registered to Entra ID (Joined in case of corporate owned device) and will get enrolled in MDM as well. All the device settings, security policies, compliance policies will get enforced. SSO experience across all MS apps.
- Selecting "No, this app only" and checking "Allow my organization to manage this device" : Device will not be registered with Entra ID, since registration didn't happen MDM enrollment will also not happen. Only the current app will use your work school account other apps will remain unaffected.
- Selecting "Yes, all apps" and leaving "Allow my organization to manage this device" unchecked : Device will be registered with Entra ID but MDM enrollment will not happen even though device is registered as the second option was left unchecked. SSO will work across MS apps.
- Selecting "No, this app only" and leaving "Allow my organization to manage this device" unchecked : Device will not be registered with Entra ID, MDM enrollment will also not happen. Only the current app will use your work school account other apps will remain unaffected.
Document for more information: Add-your-work-or-school-account-to-a-windows-device
If you have any further questions, please do let us know.