Microsoft Intune device restrictions for Windows

 In this article, we will see how to create enrollment restrictions for Windows devices:

1.  Sign in to the Microsoft Intune admin center (intune.microsoft.com). 

2.  Select Devices | Enrollment device platform restrictions:

Figure : Admin center – Enrollment device platform restrictions

3.  Create a restriction. Enter Device type restriction – HR as the name:

Figure : Admin center – enrollment restrictions

4.  Select the block and allow both for MDM and personally owned devices to allow or block Windows enrollment.

If you are allowing Windows (MDM) platform enrollment, you can block personal devices; see the following section to understand what blocking personal Windows devices means.

Allow min/max range for the OS version only blocks devices on enrollment and has no effect on devices already enrolled into Microsoft Intune; enrollment restriction is only validated on enrollment.

Figure : Command Prompt – ver

5. For the Assignments step, select HR Department.

When you are creating a custom enrollment restriction, you can scope it to apply to specific user groups in your organization, departments, countries, and so on.

Change the assignment settings to filter, based on any restrictions you want to provide to avoid groups from enrolling into MDM Intune:

Figure : Admin center – enrollment restrictions – Assignments

6. In the following screenshot, you can see an overview of the default device type restrictions:

Figure : Admin center – Windows restrictions

Thant Zin Phyo@Cracky (MCT, MCE, MVP)