
The "Stay signed in to all your apps" prompt

When it comes to this notification, we don't like it very much to begin with, but there are four choices for the end user:

1. Click OK, leaving "Allow my organization to manage my device" checked. Since it is a blue button, this is where most users will just click without thinking. This will register the user's device to Azure AD (Azure AD registered device) and possibly enroll it in MDM or MAM, depending on the current state of the device and on the MDM and MAM user scope configuration. This choice also remembers the user's credentials on this device for other apps. For more details on MDM and MAM scope, read Oktay Sari's post Configuring Intune MDM User Scope and MAM User Scope (allthingscloud.blog).

2. Uncheck "Allow my organization to manage my device", then click OK. This will not register the user's device to the external Azure AD, but it will remember the user's credentials on the device for other apps.

3. Choose "No, sign in to this app only". This will not register the user's device to the external Azure AD, and it will only remember the user's credentials for this app.

4. Close the prompt. This just dismisses the notification and does nothing else.

We can always write a pretty instruction for our users to let them know which option they should use.

As I mentioned before, if the user checks "Allow my organization to manage my device" and chooses OK, the device will be Azure AD registered to the external tenant, which might not be our desired result. But do we want to give users the option to register the device in other tenants? Can we make sure they always make the right choice? How can I block users from adding additional work accounts (Azure AD registered) on my corporate Windows 10 devices?
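To check which of the four outcomes a device actually ended up in, and whether the Windows policy that blocks adding extra work accounts is in place, here is an added PowerShell example. It is not code from the original post: the function names are mine, the registration state comes from the built-in dsregcmd /status output, and the BlockAADWorkplaceJoin value under HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin is the documented Windows policy for blocking Azure AD registration (it is not the setting that governs Azure AD join or hybrid join).

```powershell
# Added example (editor's own, not from the post): audit a Windows 10 device's
# Azure AD registration state and check/apply the policy that blocks users from
# adding additional work accounts. dsregcmd and the policy key are Windows' own.

function Get-DsregStatus {
    # dsregcmd /status prints "Key : Value" lines under box-drawn section headers.
    # Keys can contain spaces and values can contain colons (URLs, timestamps),
    # so split each line on the first colon only and keep everything else.
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return $state
}

function Get-AadRegistrationState {
    # Summarise the fields that distinguish the prompt's outcomes.
    # Run this as the user who saw the prompt: the "User State" section of
    # dsregcmd (WorkplaceJoined) reflects the account running the command.
    $s = Get-DsregStatus
    [pscustomobject]@{
        AzureAdJoined       = $s['AzureAdJoined']        # YES = device joined to our tenant
        DomainJoined        = $s['DomainJoined']         # YES = on-premises AD joined
        WorkplaceJoined     = $s['WorkplaceJoined']      # YES = a work account was added (Azure AD registered)
        WorkplaceTenantName = $s['WorkplaceTenantName']  # tenant the work account registered to, if any
        MdmUrl              = $s['MdmUrl']               # non-empty = device is MDM enrolled
    }
}

# Documented policy location; a DWORD BlockAADWorkplaceJoin = 1 stops Windows from
# registering the device (adding a work account) with any Azure AD tenant.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin'

function Test-BlockAadWorkplaceJoin {
    # $true only when the value exists and is exactly 1.
    $value = Get-ItemProperty -Path $PolicyPath -Name BlockAADWorkplaceJoin -ErrorAction SilentlyContinue
    return ($null -ne $value -and $value.BlockAADWorkplaceJoin -eq 1)
}

function Set-BlockAadWorkplaceJoin {
    # Requires an elevated prompt. Creates the key if missing and sets the DWORD to 1.
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name BlockAADWorkplaceJoin -PropertyType DWord -Value 1 -Force | Out-Null
}

# Usage: report the current state, then whether the block is enforced.
Get-AadRegistrationState | Format-List
"BlockAADWorkplaceJoin enforced: $(Test-BlockAadWorkplaceJoin)"
```

After a user picks option 1, WorkplaceJoined shows YES and WorkplaceTenantName names the external tenant; options 2 to 4 leave WorkplaceJoined at NO. Set-BlockAadWorkplaceJoin writes the same value Group Policy or an Intune policy would; deploy it centrally rather than by hand once you have confirmed on a test device that your own tenant's join and enrollment paths are unaffected.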
