Yeah, finally it’s here!
Many companies have requested this for a long time, and now it’s possible to restrict Intune enrollment to corporate-owned Windows devices only. I know for sure that this has been a blocker in many organizations and has made the shift to modern management for Windows 10 impossible. With this new feature, the show can go on 🙂
First you need to sign in to the Microsoft 365 Device Management portal and then go to Device enrollment
Now go to Enrollment restrictions -> Default (or Create restriction if you want to test it for a small group of users)
Go to Properties -> Configure
Change ‘Windows (MDM)’ to Block to prevent your users from enrolling personally owned Windows devices into Intune.
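To confirm the setting across the Default restriction and any restrictions you created, the sketch below audits an export of the tenant's enrollment configurations. It is an added example, not part of the original post, and it assumes the JSON follows the Microsoft Graph `deviceEnrollmentPlatformRestrictionsConfiguration` resource as returned by `GET /deviceManagement/deviceEnrollmentConfigurations`; the sample data and display names are constructed.

```python
import json

# Constructed sample, shaped like a Graph deviceEnrollmentConfigurations response.
SAMPLE = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration",
   "displayName": "Pilot group (constructed)", "priority": 1,
   "windowsRestriction": {"platformBlocked": false, "personalDeviceEnrollmentBlocked": true}},
  {"@odata.type": "#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration",
   "displayName": "Default (constructed)", "priority": 0,
   "windowsRestriction": {"platformBlocked": false, "personalDeviceEnrollmentBlocked": false}},
  {"@odata.type": "#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration",
   "displayName": "Legacy (constructed)", "priority": 2},
  {"@odata.type": "#microsoft.graph.deviceEnrollmentLimitConfiguration",
   "displayName": "Device limit (constructed)", "priority": 0, "limit": 5}
]}
""")

RESTRICTION_TYPE = "#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration"

def windows_personal_status(config):
    """Classify how one restriction treats personally owned Windows devices."""
    restriction = config.get("windowsRestriction")
    if restriction is None:
        return "unknown"            # no Windows (MDM) row in the export
    if restriction.get("platformBlocked"):
        return "platform blocked"   # no Windows enrollment at all
    if restriction.get("personalDeviceEnrollmentBlocked"):
        return "personal blocked"   # corporate-owned devices only
    return "personal allowed"

def audit(response):
    """Return (priority, name, status) per platform restriction, sorted by priority."""
    rows = [(c.get("priority", 0), c.get("displayName", "?"), windows_personal_status(c))
            for c in response.get("value", [])
            if c.get("@odata.type") == RESTRICTION_TYPE]  # skip device-limit and other types
    return sorted(rows)

def findings(response):
    """Names of restrictions that still allow, or do not state, personal Windows enrollment."""
    return [name for _, name, status in audit(response)
            if status in ("personal allowed", "unknown")]

if __name__ == "__main__":
    for priority, name, status in audit(SAMPLE):
        print(f"{priority:>2}  {name:<28} {status}")
    print("Needs attention:", findings(SAMPLE))
```

A restriction reported as "unknown" has no Windows row in the export and should be checked in the portal.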
When your users try to enroll a personally owned Windows device, they will see the following message, and the device will not be enrolled.