There are several ways to do this but imo I would suggest to use enrollment restrictions if you don't want users to enroll personal devices in Intune.
https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
My company allows users to register personal computers with our AAD. We also provide corporate computers and use user-driven Autopilot to provision them. The challenge we found is that since users are admin on their personal computers they have the ability to Join a personal computer to AAD from Settings>Accounts>Access Work or School>Connect using the Join to AAD link. When they join the device it is considered company owned by default and when it auto enrolls to Intune it receives all the corporate device assigned apps and policies etc.
We would like to prevent users from Joining to AAD and only allow them to register personal devices but without breaking the ability to use User-driven Autopilot. We tried restricting the "Allow users to join AAD" to only IT support but this breaks user-driven Autopilot.
The only way that I can currently think to achieve this is to use Autopilot for pre-provisioned deployment and could then disallow the main user base from joining devices to AAD but we don't want to do this for general provisioning.
Anyone know of some secret sauce to achieve this?
There are several ways to do this but imo I would suggest to use enrollment restrictions if you don't want users to enroll personal devices in Intune.
https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set
Did this every get solved?
I too would like users to use autopilot but block them from joining personal devices to AAD
I can see the restriction does not apply to Autopilot in self deployment mode but we wish to use user-driven mode
@Todd Anderson Will this option also cause issues with Windows Autopilot Hybrid Join -User Driven , if it is set to None