Share via

block Azure AD Registered in Azure AD

SM 21 Reputation points
2022-01-12T06:28:32.553+00:00

Hi,

Is there a way to block personal devices for any corporate user try to register in Azure AD Only.
We are not talking about Intune enrollment here, only way to block Azure AD Registered

thanks

SM

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2022-01-12T06:48:47.44+00:00

    Hi @SM • Thank you for reaching out.

    You can restrict users from registering devices in Azure AD by using the below setting:

    Azure Portal > Azure Active Directory > Devices > Device settings > Users may register their devices with Azure AD > None

    Note: This setting will be greyed-out if you are using Microsoft Intune or mobile device management for Microsoft 365 as in that case, you should be using MDM for this purpose.

    164234-image.png

    Users may register their devices with Azure AD: You need to configure this setting to allow users to register Windows 10 personal, iOS, Android, and macOS devices with Azure AD. If you select None, devices aren't allowed to register with Azure AD. Enrollment with Microsoft Intune or mobile device management for Microsoft 365 requires registration. If you've configured either of these services, ALL is selected and NONE is unavailable.

    Ref: https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal#configure-device-settings

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vineet Kumar Gupta 161 Reputation points
    2022-04-11T13:43:29.933+00:00

    Please create a conditional access policy

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.