If we do click disconnect for an AADJ+Intune or Autopilot w/admin profile device, it’ll ask us to create another admin account: The other option is more of a fun realization. Accounts block Settings pane without Accounts In Intune, select Device Configuration > Device restrictions and select Block for Accounts in Control Panel and Settings. This would stop a subset of users from disconnecting, since it would then require scripting a solution to disconnect. One option here would be blocking access to the account pane. Users with admin rights should, in theory, be allowed to configure anything on the device – which includes enrollment into Intune. Let’s say you’re using Autopilot but setting the profile for administrators (or just using AADJ & Intune for new devices, which can’t restrict admin rights). If you’ve set this up – you’re done! The option to disconnect won’t be available for the end user: Admin users One of the best features of Autopilot is that it allows a standard-user enrollment (meaning users don’t have local admin rights). The options vary based on whether or not they have administrator rights. In this blog post, we explore the various ways to block Intune unenrollment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |