Microsoft Intune Feedback

Suggestion box powered by UserVoice

How can we improve Microsoft Intune

← Ideas

Add a policy to prevent device unenrollment from Company portal

Companies provide devices to their employees and generally wants to make sure that these devices will always remain managed through Intune. It could be interesting to have a policy that prevent users to unenroll a device identified as a company device from the Intune company portal.

496 votes

Vote

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Jean-Baptiste Frossard shared this idea · Jul 16, 2015 · Flag idea as inappropriate… · Admin →

needs more info ·

AdminCathy Moya (UserVoice admin for Intune, Microsoft Intune) responded · Jul 30, 2018

The PMs involved have been talking about how best to give you a way to disable the “remove device” action. They think rather than focusing on platform enrollment types (iOS, Android, Windows), they could allow you to disable based on corporate vs personal ownership. I said I’d ask if that would work for you. :-)

Would that get you want you need?

60 comments

Add a comment…

Sign in

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Zak commented · October 19, 2018 9:34 AM · Flag as inappropriate

Any Updates
Anonymous commented · October 11, 2018 3:36 AM · Flag as inappropriate

Has this been implemented?
Marco commented · October 1, 2018 2:12 AM · Flag as inappropriate

Actually it would be great if there would be an option to the user to remove his onmicrosoft.com account from the info. I personally broke the Intune enrollment when I removed the user and added a new one within the same session.
Intune sees the device as unenrolled and even when I put back the original user the enrollment didn't recover.

This is a known issue in the way intune manages shared devices that are used by different users as so far Intune has only one possible user assigned to the device
Dan goodwin commented · September 28, 2018 11:31 PM · Flag as inappropriate

Hi guys i have found a way round it if you have knox devices.

Instead of enrolling android enterprise, enrol just android.

The differences
Android enterprise- if you uninstall the company portal, knox deployment will not force the enrolment again.

Android- if you uninstall the company portal, knox deployment will force the user to go through the deployment again which involves installing and enrolling the company portal. During this time they are unable to use the back button, home button or split button.

So I think rolling out the devices as personal will ensure the devices are still managed
Anonymous commented · September 10, 2018 8:28 AM · Flag as inappropriate

Disabling corporate vs personal would be an option. It may also be nice to have some sort of policy set that us as admins could deploy. As admins you could test with multiple devices and if it automatically did not allow removal of the portal app, that could hinder testing from our side. If you could deploy it as a policy set it could allow use to point this to specific groups or collections. A case for this would be that my company has some outward facing Android devices that we manage. We can not use DEP since thats iOS. There would be an administrative burden to always verify the Android devices are always imported via manual efforts to verify they are "company owned." We get in hundreds of these devices that a specific group of individuals use. The company wants these individual users to enroll vs an enrollment administrator. If you could target a policy to these people which would remove the ability in the app to be removed, it would be beneficial.
Stephen B commented · August 31, 2018 3:22 AM · Flag as inappropriate

This is a very basic MDM requirement for company owned devices.

Please make this available ASAP!!
Dan commented · August 9, 2018 7:03 PM · Flag as inappropriate

What is the point of advertising Intune as MDM if this is not a feature. AirWatch ( a MDM solution ) provides this capability.
Anonymous commented · August 8, 2018 7:17 AM · Flag as inappropriate

"This policy setting is not applied if the computer is Azure Active Directory joined and auto-enrollment is enabled." As most people work this was please add Block Manual unenrollment
mark payton commented · August 6, 2018 1:47 AM · Flag as inappropriate

Works for me!
Anonymous commented · August 2, 2018 4:22 AM · Flag as inappropriate

This would certainly work for us.
Carlos Conrado commented · August 1, 2018 3:52 PM · Flag as inappropriate

Hi Cathy having the disable remove device based on corp or personal device would be a good enough solution.

Thanks
Rob de Roos commented · August 1, 2018 6:57 AM · Flag as inappropriate

Isn't this available allready? I believe it is. Disable manual unenrollment it is called if I am not mistaken.
Rich Moore commented · August 1, 2018 3:20 AM · Flag as inappropriate

That would work for us
Anonymous commented · July 31, 2018 10:37 AM · Flag as inappropriate

This would work for us.
Owen Dickenson commented · July 31, 2018 12:37 AM · Flag as inappropriate

That would work for us; we would want to have corporate devices managed with no choice to our end users. Those connecting personal devices - that's up to them.
Thomas Wiedenhofer commented · July 31, 2018 12:09 AM · Flag as inappropriate

For me it would be nice if corporate devices are disabled from removing the device, personal owned devices could be free of choice. Thank you!
Noel Fairclough commented · July 30, 2018 6:06 PM · Flag as inappropriate

Yes -being able to un-enroll based on ownership status is perfect. Corporately owned = they can't un-enroll the device without approval, or without the admin doing it for them. Personally owned = they can do what they want. We can restrict access to corporate resources based on MAM policies -so if they don't want the managed app, they can't access resources. Simple. If they don't want to use their personal device, they can apply for a corporate device but then live by our rules.
Pratik Dave commented · July 30, 2018 4:11 PM · Flag as inappropriate

Apple DEP integration has capabilities which stops device unenrollment for iOS Corp devices ! Something out the of box would be useful too, may be altering when user trigger removal of mgmt would be useful for admins
Anthony Zmoda commented · July 30, 2018 3:51 PM · Flag as inappropriate

That wouldn't work for us. We offer device wide VPN to both BYOD and Corporate owned Intune enrolled devices. We can't containerize device wide VPN so we require all of our end users to wipe their devices when leaving the mobility program. If we could toggle the "remove device" icon from within the Company Portal app, then that would reduce the likelihood of a device leaving Intune enrollment without having the factory reset performed.
James Read commented · July 30, 2018 3:16 PM · Flag as inappropriate

Disabling removing devices by ownership is exactly what we need.

← Previous 1 2 3 Next →

Ideas: Mobile Device Management (general)

Searching…

No results.
Clear search results

Give feedback
- Ideas 1,663 ideas
Microsoft Intune