Hi
I have Azure AD and have the endpoint security which allows anyone in my company to join a personal Windows PC or Mac if they install the Company Portal app.
This enforces security settings that most staff are comfortable with, but remote wipe is something most people are not comfortable with, and I can't say I blame them.
I am never going to wipe anyone's personal device deliberately, so I would much rather this was never an option.
Is there a way I can set up a profile or policy so that permission to remote wipe / erase is never set on personal devices?
I am particularly interested in doing this for macOS, but it would also be useful on Windows too.
