Prevent users from Joining personal computers to Azure Active Directory but still allow User-Driven Autopilot

Todd Anderson 36 Reputation points
2021-12-10T16:20:45.69+00:00

My company allows users to register personal computers with our AAD. We also provide corporate computers and use user-driven Autopilot to provision them. The challenge we found is that since users are admin on their personal computers they have the ability to Join a personal computer to AAD from Settings>Accounts>Access Work or School>Connect using the Join to AAD link. When they join the device it is considered company owned by default and when it auto enrolls to Intune it receives all the corporate device assigned apps and policies etc.

We would like to prevent users from Joining to AAD and only allow them to register personal devices but without breaking the ability to use User-driven Autopilot. We tried restricting the "Allow users to join AAD" to only IT support but this breaks user-driven Autopilot.

The only way that I can currently think to achieve this is to use Autopilot for pre-provisioned deployment and could then disallow the main user base from joining devices to AAD but we don't want to do this for general provisioning.

Anyone know of some secret sauce to achieve this?

Microsoft Entra
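An audit sketch for the situation described in the question, added here as an example and not part of the original post: it flags Windows devices that are Entra joined and marked company-owned in Intune but whose serial number is not registered in Autopilot. All records are constructed sample data; the property names are the Microsoft Graph ones (`trustType`, `azureADDeviceId`, `managedDeviceOwnerType`, `serialNumber`), and the function name and export shapes are assumptions.

```python
# Added example. Every record below is constructed sample data, not tenant output.
# Assumed inputs: three exports shaped like Microsoft Graph objects
#   device (trustType), managedDevice (azureADDeviceId, managedDeviceOwnerType,
#   serialNumber) and windowsAutopilotDeviceIdentity (serialNumber).

ENTRA_DEVICES = [
    {"deviceId": "aaaa-1111", "trustType": "AzureAd"},    # joined via Autopilot
    {"deviceId": "bbbb-2222", "trustType": "AzureAd"},    # joined from Settings
    {"deviceId": "cccc-3333", "trustType": "Workplace"},  # registered only (BYOD)
]
MANAGED_DEVICES = [
    {"deviceName": "CORP-LT-01", "azureADDeviceId": "aaaa-1111",
     "managedDeviceOwnerType": "company", "serialNumber": "corp-0001 ",
     "userPrincipalName": "alice@example.com"},
    {"deviceName": "HOME-PC", "azureADDeviceId": "bbbb-2222",
     "managedDeviceOwnerType": "company", "serialNumber": "HOME-9999",
     "userPrincipalName": "bob@example.com"},
    {"deviceName": "BYOD-TABLET", "azureADDeviceId": "cccc-3333",
     "managedDeviceOwnerType": "personal", "serialNumber": "TAB-5555",
     "userPrincipalName": "carol@example.com"},
]
AUTOPILOT_IDENTITIES = [{"serialNumber": "CORP-0001"}]


def normalize(serial):
    """Serials differ in case and padding between exports; compare canonically."""
    return (serial or "").strip().upper()


def find_unexpected_joins(entra, managed, autopilot):
    """Return joined, company-owned managed devices with no Autopilot record."""
    joined_ids = {d["deviceId"] for d in entra if d.get("trustType") == "AzureAd"}
    known = {normalize(a.get("serialNumber")) for a in autopilot} - {""}
    findings = []
    for m in managed:
        if m.get("azureADDeviceId") not in joined_ids:
            continue  # registered-only devices are the allowed BYOD path
        if m.get("managedDeviceOwnerType") != "company":
            continue
        if normalize(m.get("serialNumber")) in known:
            continue  # provisioned through Autopilot, expected
        # A missing serial is also reported: it cannot be matched to Autopilot.
        findings.append((m.get("deviceName"), m.get("userPrincipalName")))
    return findings


if __name__ == "__main__":
    for name, upn in find_unexpected_joins(
            ENTRA_DEVICES, MANAGED_DEVICES, AUTOPILOT_IDENTITIES):
        print(f"review: {name} joined by {upn} is not an Autopilot device")
```
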

4 answers

  1. Mr Sb 366 Reputation points
    2021-12-11T00:25:10.943+00:00

    There are several ways to do this but imo I would suggest to use enrollment restrictions if you don't want users to enroll personal devices in Intune.

    https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set

    1 person found this answer helpful.

  2. Simon Payne 6 Reputation points
    2022-03-09T01:35:48.827+00:00

    Did this ever get solved?
    I too would like users to use Autopilot but block them from joining personal devices to AAD.


  3. Simon Payne 6 Reputation points
    2022-03-09T01:43:17.837+00:00

    I can see the restriction does not apply to Autopilot in self-deployment mode, but we wish to use user-driven mode.


  4. Pixl Pixl 1 Reputation point
    2022-12-12T12:05:14.397+00:00

    @Todd Anderson Will this option also cause issues with Windows Autopilot Hybrid Join (User-Driven), if it is set to None?

