Microsoft Intune Feedback

How can we improve Microsoft Intune

Conditional access - Block enrollment unless device is listed in the Autopilot devices

Would be nice to be able to block enrollment of devices if they are not imported to the "Windows Autopilot devices" list and with the option to also check that it has an Autopilot profile attached to it.

Should also be a compliance setting to check if the device has gone through an Autopilot setup or not. If not, then mark as non-compliant.

62 votes
Lars Halvorsen shared this idea

2 comments

  • Anonymous commented

    New devices from our OEM are only configured according to our corporate policies when someone logs in as an AAD user and thus enrolls the device into MDM. So there should be no way to escape from logging in as an AAD user during the OOBE. Especially, it should not be possible to create local accounts.

  • Anonymous commented

    Not all enterprises allow BYOD.
    AFAIK there is no enrollment restriction which would allow us to just enroll devices from our OEM or the ones we have registered intentionally.
    Thus it would be great to add an enroll restriction that forbids enrolling any non-registered device.
