In this article, I will show you how to restrict who can join Windows 10 machines to Microsoft Intune.
By default, Microsoft Intune and Azure Active Directory allow any user in the organization to join their machine to Intune.
This option is good if you have a small company and don't want to get involved with the day-to-day administration of Intune.
In some cases, however, this default can open the door to security vulnerabilities.
Restrict who can join devices to Intune
To control this option and restrict who can join a machine to Intune, open Azure Active Directory -> Devices -> Device settings.
On the Device settings page, change the Users may join devices to Azure AD setting.
It is recommended to set it to Selected and use an Azure AD Group.
After clicking Selected, find the group or specific users and click on Save.
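To confirm the change took effect, the setting can be audited from an exported copy of the tenant's device registration policy. The following is an added example, not part of the original article: it assumes the JSON shape Microsoft Graph returns for the `deviceRegistrationPolicy` resource, and the sample policy and the function name `audit_join_scope` are constructed for illustration.

```python
import json

# Constructed sample policy, in the shape assumed for the Microsoft Graph
# response to GET /policies/deviceRegistrationPolicy. The GUID is a placeholder.
SAMPLE_POLICY = json.loads("""
{
  "id": "deviceRegistrationPolicy",
  "azureADJoin": {
    "isAdminConfigurable": true,
    "allowedToJoin": {
      "@odata.type": "#microsoft.graph.enumeratedDeviceRegistrationMembership",
      "users": ["00000000-0000-0000-0000-000000000001"],
      "groups": []
    }
  }
}
""")


def audit_join_scope(policy):
    """Return (scope, findings) for 'Users may join devices to Azure AD'."""
    allowed = policy.get("azureADJoin", {}).get("allowedToJoin") or {}
    # The membership type is carried in the @odata.type suffix.
    kind = allowed.get("@odata.type", "").rsplit(".", 1)[-1]
    if kind == "allDeviceRegistrationMembership":
        return "All", ["any user in the organization can join devices"]
    if kind == "noDeviceRegistrationMembership":
        return "None", []
    if kind != "enumeratedDeviceRegistrationMembership":
        return "Unknown", [f"unrecognised membership type: {kind!r}"]
    findings = []
    users = allowed.get("users") or []
    groups = allowed.get("groups") or []
    if not users and not groups:
        findings.append("Selected is set but no users or groups are listed")
    if users:
        # The article recommends scoping the setting with a group.
        findings.append(f"{len(users)} user(s) assigned directly; prefer a group")
    return "Selected", findings


if __name__ == "__main__":
    scope, findings = audit_join_scope(SAMPLE_POLICY)
    print(f"Join scope: {scope}")
    for finding in findings:
        print(f" - {finding}")
```
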
To join a Windows 10 machine to Intune the easy way, visit the following post: