During Intune setup, there are some situations when we have to block personal device enrollment so users won’t be able to enroll their BYOD devices. Today, we are going to show you how we can block BYOD device enrollment from Intune
- Login to Intune portal
- Go to Devices > Scroll down. Click on Enrollment restriction
By default, we have two pre-made selective templates that are targeting “All users”.
- Device type restrictions
- Device Limit restriction
To block BYOD enrollment click on “All Users” under Device Type restriction.
- Click on properties
- Then click on edit beside Platform settings
Now you can see we have control over which platform we want to allow and which platform we want to block. Not only BYOD you can also block corporate enrollments.
For our example, I am going to block all BYOD enrollments. Similarly, as per your choice, you can block any platform’s enrollment. Once you selected hit Review + save. Then save again
So that’s how you will be able to block BYOD enrollments for either windows, ios, android or macos devices.
For windows BYOD enrollment, users will be able to enroll with the company portal however we won’t see any device in Intune and it won’t be managed by Intune. On the other hand, azure will create an entry but on that entry MDM will be non which means the device is not being managed by Intune
