Fully agreed, strangely enough was setting up some blocking policies for all devices on Intune enrollment today. In my opinion the "Allow my organisation to manage my device" should not be the default ticked option, it misleads regular users.
@getrubix
2 күн бұрын
Absolutely. The whole process is just way too easy to fall into.
@kokkosbollful
2 күн бұрын
Great vid as always man! I have recomended your channel to all my IT-colleagues who works whitin intune ❤️
@getrubix
2 күн бұрын
I really appreciate that!
@damien6134
2 күн бұрын
Thanks for this video and sharing your knowledge ! I can't wait to see what happens next to remove them from intune without wype them !
@getrubix
2 күн бұрын
Me too lol :)
@nebraskayak7632
Күн бұрын
I agree that there likely was no bad intentions. Most don’t have a personal account and just use their work account, not understanding the implications. Best to just prevent it. Btw, the audio seemed a little low. Meaning, I had to turn it up more than usual to hear it. Maybe just me?
@getrubix
Күн бұрын
I recently redid the audio setup and still working out the kinks- thanks for the feedback!
@itst0000
2 күн бұрын
nice table is the one with fresh bread that wasnt previously assigned to another table
@getrubix
2 күн бұрын
Correct!
@eugenemeenan3703
Күн бұрын
it's an odd one that I'm still not 100% of - basically if someone in the business uses personal phone for MFA does that enrol the device or should it be the app only - also they then have outlook which is part of the 365 suite - should we block or allow :-)
@MrMarcLaflamme
Күн бұрын
That "Stay signed in to all your apps" popup box is one of the worst designed boxes (and verbiage) from MS. The fact that it has a checkbox to enable or disable the management (enrollment), AND an OK AND a "No, sign into this app only" only adds to the confusion. What happens if you uncheck the box and press OK? What about not unchecking it but pressing No sign into this app only? That being said, we had Personal allowed because of the new Device Prep Policies requires it to be enabled (unless that has changed?) Finally, if we happen to have devices registered with Entra and enrolled in Intune that are personal (turns out we have two), can I prune these out by deleting them?
@getrubix
Күн бұрын
Yes- I'm going to cover that all next week
@simonhardy72
Күн бұрын
Amen
@abualghoul
Күн бұрын
This is exactly what I need. One of the admins has allowed personal devices to join Azure. Now, I can't distinguish between personal and corporate devices since both are shown as MDM, and Azure joined devices. I attempted to create a dynamic group with the rule: ``` (device.deviceOwnership -eq "Company") and (device.deviceTrustType -eq "AzureAD") ``` but it didn't work. I would be very grateful if you could help me find a way to identify and remove these personal computers. Some of them might be part of the Autopilot devices.
@getrubix
Күн бұрын
Absolutely- that's coming up next week!
@ShawnOfeoiwnofne
Күн бұрын
if the device is added to Intune as if it were a personal device, can it then be changed to a Corporate Device in the Intune interface after?
@getrubix
Күн бұрын
Yes
@itst0000
Күн бұрын
if i block personal devices will this affect enrolling existing entra joined devices? reference call4cloud may 14 2020 section 2
@getrubix
Күн бұрын
You'd be better off bulk joining them with a PPKG or GPO (if they're hybrid). I am curious what scenario would give you entra join devices without Intune enrollment- what is managing the PCs?
Пікірлер: 21