Joining a device into Entra ID
My company allows users to join their personal computers into the company Entra ID. The challenge we found is that, since users are admins on their personal computers, they have the ability to join a personal computer to Entra ID.
If you want to limit Entra ID joined devices, you can restrict which users are allowed to join their devices to Entra ID.
Restrict which users can join devices into Entra ID
1. Go to Azure Active Directory admin center > Azure Active Directory > Devices.
2. Select Device settings and find the Users may join devices to Entra ID section. By default, all users in your organization can join devices into Entra ID.
Select the Selected option to specify which users or groups can join devices into Entra ID.
3. Click Add to add members allowed to join devices into Azure Active Directory.
Once done, when standard users try to join a device into Entra ID, they get the error below: Administrator policy does not allow user xxx to device join.
Devices can be joined into Entra ID only by the selected accounts that you configured in the previous step.
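To confirm the setting stuck and catch later drift back to All, the same value can be audited from a Microsoft Graph export of the tenant's device registration policy. The following is an added example, not part of the original article; the field names (azureADJoin, allowedToJoin and the three membership types) are assumptions based on the Graph deviceRegistrationPolicy resource and should be checked against your tenant's actual response, and the sample policy and group ID are constructed.

```python
import json

# Constructed sample of a deviceRegistrationPolicy document (not real tenant data).
SAMPLE_POLICY = json.loads("""
{
  "id": "deviceRegistrationPolicy",
  "azureADJoin": {
    "isAdminConfigurable": true,
    "allowedToJoin": {
      "@odata.type": "#microsoft.graph.enumeratedDeviceRegistrationMembership",
      "users": [],
      "groups": ["00000000-0000-0000-0000-000000000001"]
    }
  }
}
""")

# Assumed mapping between Graph membership types and the portal's All / Selected / None.
SCOPES = {
    "#microsoft.graph.allDeviceRegistrationMembership": "All",
    "#microsoft.graph.enumeratedDeviceRegistrationMembership": "Selected",
    "#microsoft.graph.noDeviceRegistrationMembership": "None",
}


def audit_join_scope(policy):
    """Report who may join devices and flag states that defeat the restriction."""
    allowed = (policy.get("azureADJoin") or {}).get("allowedToJoin") or {}
    odata_type = allowed.get("@odata.type", "")
    scope = SCOPES.get(odata_type, "Unknown")
    users = list(allowed.get("users") or [])
    groups = list(allowed.get("groups") or [])
    findings = []
    if scope == "All":
        findings.append("Every user in the organization can join a device (the default).")
    elif scope == "Selected" and not users and not groups:
        findings.append("Scope is Selected but no users or groups are listed.")
    elif scope == "Unknown":
        findings.append("Unrecognised allowedToJoin type: %r" % odata_type)
    return {"scope": scope, "users": users, "groups": groups, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(audit_join_scope(SAMPLE_POLICY), indent=2))
```

An empty findings list means the join scope is restricted to the listed users or groups; any finding is worth an alert in a scheduled check.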