How to block personal devices in Intune with enrollment restrictions

In this blog post, I will show you how to block personal devices from enrolling in Intune using enrollment restrictions. This is a useful feature to ensure that only corporate-owned devices can access your organization’s resources and data.

What are enrollment restrictions?

Enrollment restrictions are policies that you can configure in Intune to control which devices can enroll in Intune based on certain device attributes, such as device platform, OS version, manufacturer, or ownership type. You can create multiple enrollment restriction policies and assign them to different groups of users or devices. Intune applies the policy with the highest priority to the enrollment attempt.

How to block personal devices in Intune?

To block personal devices in Intune, you need to create an enrollment restriction policy that blocks personally owned devices on the platforms you want to restrict. For example, if you want to block personal devices running Windows 10/11, create a policy as follows:

  1. Open Intune Portal
  2. Open Devices / Enroll Devices
  3. Select Enrollment Device Platform Restrictions
  4. Click + Create restriction
  5. Give the Enrollment Restriction a suitable Name
  6. Select Block on Personally owned devices
  7. Tag the Enrollment Restriction if using tags in your organization
  8. Assign the Enrollment Restriction to suitable groups
  9. Create the Enrollment Restriction

What happens when a user tries to enroll a personal device in Intune?

When a user tries to enroll a personal device in Intune, they will see an error message that says “Your device can’t be enrolled because it’s not owned by your organization.” They will not be able to complete the enrollment process and access the Intune Company Portal app or any other apps that require Intune management.

How to verify that the enrollment restriction is working?

To verify that the enrollment restriction is working, you can check the enrollment status of the devices in the Intune portal. You can also use the Intune Troubleshooting blade to see the details of the enrollment errors and the applied policies.
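
One way to check the result from the API side, as an added example that is not from the original post: the PowerShell below reads platform restriction policies in the shape returned by the Microsoft Graph beta endpoint `deviceManagement/deviceEnrollmentConfigurations` and reports, per policy and platform, whether personally owned enrollment is blocked. The sample JSON and the function name `Get-PersonalDeviceBlockState` are constructed for illustration, and treating priority 0 as the tenant-wide default policy is an assumption.

```powershell
# Added example: audit platform restrictions for personal-device blocking.
# $sampleJson is constructed data shaped like the Graph beta response.
# To audit a live tenant instead (assumes the Microsoft.Graph.Authentication module):
#   Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.Read.All'
#   $uri = 'https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations'
#   $configs = (Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject).value
$sampleJson = @'
{ "value": [
  { "@odata.type": "#microsoft.graph.deviceEnrollmentPlatformRestrictionConfiguration",
    "displayName": "Block personal Windows (constructed)", "priority": 1,
    "platformType": "windows",
    "platformRestriction": { "platformBlocked": false, "personalDeviceEnrollmentBlocked": true } },
  { "@odata.type": "#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration",
    "displayName": "All users and all devices", "priority": 0,
    "windowsRestriction": { "platformBlocked": false, "personalDeviceEnrollmentBlocked": false },
    "iosRestriction":     { "platformBlocked": false, "personalDeviceEnrollmentBlocked": false } },
  { "@odata.type": "#microsoft.graph.deviceEnrollmentLimitConfiguration",
    "displayName": "Device limit (constructed)", "priority": 0, "limit": 5 }
] }
'@
$configs = ($sampleJson | ConvertFrom-Json).value

function Get-PersonalDeviceBlockState {
    param([Parameter(Mandatory)] [object[]] $Configuration)
    foreach ($c in $Configuration) {
        $type = $c.'@odata.type'
        if ($type -like '*PlatformRestrictionConfiguration') {
            # Single-platform policy: one rule plus the platform it covers
            $pairs = @(@{ Platform = $c.platformType; Rule = $c.platformRestriction })
        } elseif ($type -like '*PlatformRestrictionsConfiguration') {
            # Multi-platform policy: one <platform>Restriction property per platform
            $pairs = @($c.PSObject.Properties | Where-Object { $_.Name -like '*Restriction' -and $_.Value } |
                ForEach-Object { @{ Platform = $_.Name -replace 'Restriction$'; Rule = $_.Value } })
        } else { continue }   # skip device limit and other configuration types
        foreach ($p in $pairs) {
            [pscustomobject]@{
                Priority        = $c.priority
                Policy          = $c.displayName
                Platform        = $p.Platform
                PersonalBlocked = [bool]$p.Rule.personalDeviceEnrollmentBlocked
                IsDefault       = ($c.priority -eq 0)   # assumption: default policy reports priority 0
            }
        }
    }
}

Get-PersonalDeviceBlockState -Configuration $configs |
    Sort-Object IsDefault, Priority | Format-Table -AutoSize
```

Users outside the groups assigned to the new restriction fall through to the default row, so `PersonalBlocked` reading `False` there means those users can still enroll personal devices.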

Summary

In this blog post, I showed you how to block personal devices in Intune with enrollment restrictions. This is a simple and effective way to ensure that only corporate-owned devices can enroll in Intune and access your organization’s resources and data. Thank you for reading! 😊

About The Author

Mr T-Bone

Torbjörn Tbone Granheden is a Solution Architect for Modern Workplace at Coligo AB. Most Valuable Professional (MVP) on Enterprise Mobility. Certified in most Microsoft technologies and over 23 years as Microsoft Certified Trainer (MCT)
