Ability to prevent workplace join, allow AAD join only
All other platforms (iOS, Android) support enrollment restrictions to block poersonal devices. Windows 10 needs the same. Please provide the ability to prevent workplace join.
There is currently no way to block a user from using workplace join while intune is enabled without the requirement to install an intune client. An end-user can workplace join on a standard user account, but cannot install software on the same device. This means admins cannot prevent a user from leaving their account logged in on any foreign device. I.e. the user travels to a hotel somewhere that does not utilize a Guest account, uses workplace join, then walks away. Any individual that goes to portal.office.com after that point will be logged in. Please de-couple the requirement to have workplace join enabled when intune is enabled. I would like to use intune and disable workplace join.