BYOD Access restriction without Autopilot
Question
How do you control BYOD Windows 10 devices?
■ Access to corporate resources
・ On-premises domain participation: 〇
・ For work groups 😕
・ BYOD: They don’t want to access
To my knowledge, Conditional Access can only determine the device, whether it is an Autopilot device or not.
I would like to know for reference how everyone controls in order to receive many such inquiries in the situation of COVID.
Answers ( 3 )
Azure AD Registered devices are treated as BYOD
Hybrid Azure AD Joined (Domain Join + Azure AD Registered) and Azure AD joined are treated as CYOD
More details https://www.youtube.com/watch?v=x7ZTJ-Vdql4&list=PL67vGzo-INWO_0e-iSXsMHoRwB1mrTvU4&index=7&t=0s
Thanks Anoop,
I already recognized this section.
But this is not perfect I think.
Because Intune recognizes whether the device is BYOD only by Autopilot enrollment or not
(also Domain joined).
So, Intune can't recognize whether enrolled devices are BYOD or work PCs.
Is my understanding wrong?
My understanding is that a Windows PC doesn't have a unique identity like serial, IMEI.
So Autopilot is used to recognize BYOD or not.
For example, if I take my workgroup company PC home and try to access company resources, I don’t think there is a way to distinguish it from my personal PC at home.
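The mapping from the first answer, applied to a device export, as an added example that is not part of any post in this thread. It assumes records shaped like Microsoft Graph `device` objects, whose `trustType` is `Workplace` (registered), `AzureAd` (joined) or `ServerAd` (hybrid joined); the device names and sample data are constructed. It also shows the case raised in the reply above: a registered workgroup company PC lands in the same category as a home PC.

```python
"""Added example: classify exported Microsoft Graph device records by join type."""
import json
from collections import Counter

# Graph `device.trustType` values mapped to the categories used in the first answer.
TRUST_TYPE_CATEGORY = {
    "workplace": "BYOD",  # Azure AD registered
    "azuread": "CYOD",    # Azure AD joined
    "serverad": "CYOD",   # Hybrid Azure AD joined
}

# Constructed sample, shaped like items from GET /v1.0/devices (not real data).
SAMPLE_EXPORT = json.dumps({"value": [
    {"displayName": "HOME-PC-01", "operatingSystem": "Windows", "trustType": "Workplace"},
    {"displayName": "WORKGROUP-CORP-07", "operatingSystem": "Windows", "trustType": "Workplace"},
    {"displayName": "CORP-LT-22", "operatingSystem": "Windows", "trustType": "ServerAd"},
    {"displayName": "CORP-LT-31", "operatingSystem": "Windows", "trustType": "AzureAd"},
    {"displayName": "KIOSK-03", "operatingSystem": "Windows", "trustType": None},
    {"displayName": "PHONE-11", "operatingSystem": "iOS", "trustType": "Workplace"},
]})


def classify(device):
    """Return 'BYOD', 'CYOD' or 'UNKNOWN' from the device's trustType."""
    trust = (device.get("trustType") or "").strip().lower()
    return TRUST_TYPE_CATEGORY.get(trust, "UNKNOWN")


def windows_report(export_json):
    """Map each Windows device name to its category; other platforms are skipped."""
    report = {}
    for device in json.loads(export_json).get("value", []):
        if (device.get("operatingSystem") or "").lower() != "windows":
            continue
        report[device.get("displayName", "<unnamed>")] = classify(device)
    return report


def devices_to_review(report):
    """Names that a 'joined devices only' rule would not admit (BYOD or UNKNOWN)."""
    return sorted(name for name, cat in report.items() if cat != "CYOD")


if __name__ == "__main__":
    report = windows_report(SAMPLE_EXPORT)
    print(Counter(report.values()))
    for name in devices_to_review(report):
        print(f"{name}: {report[name]}")
```

`WORKGROUP-CORP-07` and `HOME-PC-01` carry the same `trustType`, so join type alone cannot separate them; records with a missing `trustType` are reported as `UNKNOWN` rather than assumed corporate.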
This is the way to restrict BYOD Windows 10 Devices
1. Sign in to the Microsoft Endpoint Manager admin center > Devices > Enrollment restrictions > Create restriction > Device type restriction.
2. On the Basics page, give the restriction a Name and optional Description.
3. Choose Next to go to the Platform settings page.
4. Under Platform, choose Allow for the platforms that you want this restriction to allow.
https://snipboard.io/zmkoGW.jpg
More Details https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set