We have a site in Dubai where users are purchasing laptops without informing IT, and they're signing in with their Microsoft Accounts to work locally. Despite repeated reminders about following the correct procedures for getting IT-approved devices, they continue to ignore policies. I'm looking for ways to restrict Microsoft account logins to certain devices or implement measures to prevent this situation from recurring. It feels a bit controlling, but we need to enforce compliance since these individuals are sidestepping management too.
5 Answers
You might want to consider MAC address filtering for your network. This way, only approved devices can connect, and unauthorized ones will be blocked. It's a simple yet effective way to tighten security.
Make sure to enforce a proper company IT policy that includes device posture checks. You really need to make management aware that this is a serious issue with potential risks for sensitive data.
Sounds like a management issue more than an IT one. They need to step up and enforce the established processes or find a solution to the non-compliance problem. Without their support, it’s tough to hold everyone accountable.
Have you looked into using Intune or Entra? Setting up a compliance and conditional access policy could really help you out with this situation. If they try to log in without using a compliant device, it can be blocked automatically. Here's a link with more info: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policies
Thanks! That sounds like exactly what we might need.
You could definitely set up a conditional access policy for their Microsoft accounts that requires them to use a compliant, enrolled device. This way, they can’t log in if they’re using unauthorized laptops.
Right, for basic protection, just requiring device enrollment could make a big difference.

Absolutely, it feels like we’re going in circles without management backing us up!
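
A sketch of the conditional access policy suggested in the answers above, created through Microsoft Graph PowerShell. This is an added example, not something posted in the thread. It assumes the users sign in with Entra ID work accounts, that Intune is what marks devices compliant, and that the break-glass object ID and display name shown are placeholders to replace.

```powershell
# Added example, not from the thread. Needs the Microsoft.Graph.Identity.SignIns module
# and an admin able to consent to the Policy.ReadWrite.ConditionalAccess scope.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

# Placeholder: object ID of an emergency-access (break-glass) account.
# Excluding it keeps one admin path open if device compliance breaks tenant-wide.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    # Display name is an arbitrary label chosen for this example.
    displayName   = 'Require compliant device - all cloud apps'
    # Report-only: sign-ins are evaluated and logged but not blocked yet,
    # so the impact on unapproved laptops can be reviewed before enforcing.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Access is granted only from a device that Intune reports as compliant.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Once the report-only results in the sign-in logs look right, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```

Under this policy a laptop bought outside IT is never enrolled, so it never reports as compliant and the work account sign-in fails the grant control on that device.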