Add a policy to prevent device unenrollment from Company portal
Companies provide devices to their employees and generally wants to make sure that these devices will always remain managed through Intune. It could be interesting to have a policy that prevent users to unenroll a device identified as a company device from the Intune company portal.
I can confirm that we have this on our plan for early in 2020/ Thanks for your patience!
Once signed in the Company Portal, the end users of a company owned device shouldn't be able to unassign from the Company Portal
Android users are able to deactivate the Company Portal App after having used it to enroll their devices so as to access their email. Once the app is deactivated, the device disappears from the MDM module in O365 and the users are still able to send/receive email on their devices.
We have a policy in the WP 8.1 to stop the user unenroll but if they access the company portal on the web they can remove the device that way.
This a good solution.