Joining a device into Azure AD
My company allows users to join their personal computers into the company Azure AD. The challenge we found is that, since users are admins on their personal computers, they have the ability to join a personal computer to Azure AD.
If you want to limit which devices are joined to Azure AD, you can restrict which users are allowed to join their devices to Azure AD.
Restrict which users can join devices into Azure AD
1. Go to the Azure Active Directory admin center > Azure Active Directory > Devices.
2. Select Device settings and find the Users may join devices to Azure AD section. By default, all users in your organization can join devices into Azure AD.
Select the Selected option to specify which users or groups can join devices into Azure AD.
3. Click Add to add the members who are allowed to join devices into Azure Active Directory.
Once done, when standard users try to join a device into Azure AD, they get the following error: Administrator policy does not allow user xxx to device join.
Devices can now be joined into Azure AD only with the accounts that you selected in the previous step.
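To confirm later that the setting still matches what was configured in the steps above, the following added example (not part of the original article) audits an exported copy of the device join policy against an approved list. It assumes the export follows the shape of Microsoft Graph's deviceRegistrationPolicy resource; the sample policy, the object IDs and the function names are constructed for illustration.

```python
# Constructed sample; the field and type names assume the shape of Microsoft
# Graph's deviceRegistrationPolicy resource, and the object IDs are placeholders.
SAMPLE_POLICY = {
    "azureADJoin": {
        "allowedToJoin": {
            "@odata.type": "#microsoft.graph.enumeratedDeviceRegistrationMembership",
            "users": ["user-id-a1"],
            "groups": ["group-id-b1", "group-id-b2"],
        },
    }
}

# Object IDs the administrator meant to allow (constructed).
APPROVED = {"users": {"user-id-a1"}, "groups": {"group-id-b1"}}

SCOPES = {
    "allDeviceRegistrationMembership": "all",
    "enumeratedDeviceRegistrationMembership": "selected",
    "noDeviceRegistrationMembership": "none",
}


def join_scope(policy):
    """Return 'all', 'selected' or 'none' for the Azure AD join setting."""
    odata_type = policy["azureADJoin"]["allowedToJoin"].get("@odata.type", "")
    try:
        return SCOPES[odata_type.rsplit(".", 1)[-1]]
    except KeyError:
        raise ValueError(f"unrecognised membership type: {odata_type!r}") from None


def audit_join_policy(policy, approved):
    """Return findings: join open to everyone, or principals outside the approved set."""
    scope = join_scope(policy)
    if scope != "selected":
        return ["join is open to all users (the default)"] if scope == "all" else []
    allowed = policy["azureADJoin"]["allowedToJoin"]
    findings = []
    for kind in ("users", "groups"):
        extra = set(allowed.get(kind) or []) - approved.get(kind, set())
        findings += [f"unapproved {kind[:-1]} can join devices: {oid}" for oid in sorted(extra)]
    if not (allowed.get("users") or allowed.get("groups")):
        findings.append("selected is set but no users or groups are listed")
    return findings


if __name__ == "__main__":
    for line in audit_join_policy(SAMPLE_POLICY, APPROVED) or ["no findings"]:
        print(line)
```

An empty result means the policy is restricted to exactly the approved users and groups, or to nobody.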