Only Allowed Users based on AD Group, the ability to enroll in Intune
It would be nice to be able to only allow users who are in a specific AD group (ex. Mobile-Access), to have the ability to enroll in Intune. All other users would not be allowed to enroll in Intune.
Agreed - Especially with the introduction of Mixed Authority, we even lost that ability in Intune hybrid.
We use Intune hybrid and always were able to control who can enroll in Intune. Now with the introduction of Mixed Authority users who don't have permissions to enroll in Intune hybrid automatically enroll in Intune standalone, instead of receiving an error message.
We currently don't manage Intune standalone, and with the current setup users without Intune permissions can enroll devices without our knowledge, and without any of our policies being applied.
James Read commented
Yes allowing restriction for MDM enrollment would be a great feature. I would smooth out the management of users allowed to enroll into Intune.
This would be very great. In the hbrid solution it's like this and for us this is also needed, because otherwise we need to remove the licenses (what's not comfortable)