question

DCSKW avatar image
0 Votes"
DCSKW asked MrSbaa answered

Restrict Enrollment

Hello

I have Azure AD with all machines enrolled as Azure registered , i already convert most of machines to Azure hybrid AD join but i want to restrict the enrollment for only computer object which has synced from my active directory and avoid any user's personal computers to shown in my azure ad portal.

what is the impact if we have 3 users license with E5 and each user can login for multiple device in my network , is it consume license?

also i notice some users has multiple devices assigned under 1 user , how can restrict one device ( windows 10 ) per user only?

Thanks

azure-active-directorymem-intune-generalmem-intune-enrollment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
0 Votes"
RahulJindal-2267 answered DCSKW commented

Are the devices enrolled in Intune? If yes, then you can restrict the number of devices a user can enroll. You can also restrict personal devices getting enrolled.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello

Yes sure with intune we can control the number for devices can be enrolled but how we can restrict the enrollment from Azure AD

0 Votes 0 ·
Jason-MSFT avatar image
0 Votes"
Jason-MSFT answered MrSbaa converted comment to answer

Are you wanting to restrict Intune enrollment or hybrid/full AAD join? They are two different things.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Jason

I want to restrict the enrollment from Azure AD and stick the user machines with his Azure AD account.

0 Votes 0 ·

First, purely semantic, but you don't enroll in Azure AD, you join or register.

Why does AAD joining or registering matter? This doesn't grant users access to anything, it simply gives the system an identity in AAD. Is this purely because of licensing that you want to limit this?

0 Votes 0 ·

We have a request from the customer to not allowing the license users to access many devices cause it shown under the user name like test lab machines.

are there any impact for license?

the customer need the enrollment to be very restricted , please give me your recommendation in this scenario

0 Votes 0 ·
Show more comments
MrSbaa avatar image
0 Votes"
MrSbaa answered

You can not disable Azure AD device registration. This is enabled by default when using Microsoft365 services. You can however, limit the amount of devices the user can register in Azure AD. Keep in mind that Azure AD registration has nothing to do with ANY enrollment and also has ZERO impact to licenses. It sounds like you and your customer are misunderstanding this concept.

If you want to limit Azure AD registrations and more explanation, take a look here:

https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.