This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello
I have Azure AD with all machines enrolled as Azure registered , i already convert most of machines to Azure hybrid AD join but i want to restrict the enrollment for only computer object which has synced from my active directory and avoid any user's personal computers to shown in my azure ad portal.
what is the impact if we have 3 users license with E5 and each user can login for multiple device in my network , is it consume license?
also i notice some users has multiple devices assigned under 1 user , how can restrict one device ( windows 10 ) per user only?
Thanks
Are the devices enrolled in Intune? If yes, then you can restrict the number of devices a user can enroll. You can also restrict personal devices getting enrolled.
Hello
Yes sure with intune we can control the number for devices can be enrolled but how we can restrict the enrollment from Azure AD
Are you wanting to restrict Intune enrollment or hybrid/full AAD join? They are two different things.
Hello Jason
I want to restrict the enrollment from Azure AD and stick the user machines with his Azure AD account.
First, purely semantic, but you don't enroll in Azure AD, you join or register.
Why does AAD joining or registering matter? This doesn't grant users access to anything, it simply gives the system an identity in AAD. Is this purely because of licensing that you want to limit this?
We have a request from the customer to not allowing the license users to access many devices cause it shown under the user name like test lab machines.
are there any impact for license?
the customer need the enrollment to be very restricted , please give me your recommendation in this scenario
Sorry, not following. Are these existing devices or newly provisioned devices? What's the scenario where they would they get joined or registered to your AAD tenant?
You can not disable Azure AD device registration. This is enabled by default when using Microsoft365 services. You can however, limit the amount of devices the user can register in Azure AD. Keep in mind that Azure AD registration has nothing to do with ANY enrollment and also has ZERO impact to licenses. It sounds like you and your customer are misunderstanding this concept.
If you want to limit Azure AD registrations and more explanation, take a look here:
https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal