I manage IT for a site in Dubai while the main IT team is in the UK. We've repeatedly informed users about the importance of informing us before purchasing laptops, but they continue to buy devices without telling us. These users end up working locally and using their Microsoft Accounts. I'm looking for ways to restrict their access to log into their accounts unless they use approved devices. Is there a method to enforce device compliance or restrict logins to certain devices without coming off as overly controlling?
5 Answers
Setting up a conditional access policy on their Microsoft accounts is crucial. This policy should ensure that only enrolled and compliant devices can access their accounts, effectively cutting off unauthorized devices.
If you have access to Intune and Entra, you could create a compliance policy or conditional access policy. This way, they won't be able to log in with their Microsoft Account unless the device they're using meets compliance requirements.
Definitely consider implementing conditional access that restricts logins to devices that are enrolled and compliant with your IT policies. This can prevent unauthorized devices from accessing their accounts, helping keep your network secure.
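The policy these answers describe, sketched as an added example (not code from any of the posters) using the Microsoft Graph PowerShell SDK. It assumes the users sign in with work accounts in your Entra ID tenant and that the devices are enrolled in Intune with a compliance policy assigned. The display name and the emergency-account ID are placeholders.

```powershell
# Added example: report-only Conditional Access policy that requires a compliant device.
# Needs the Microsoft.Graph PowerShell module and a Conditional Access administrator role.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder (assumption): object ID of an emergency-access account to exclude,
# so a misconfigured policy cannot lock every administrator out of the tenant.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Require compliant device - all cloud apps'   # hypothetical name
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
    }
    grantControls = @{
        operator        = 'OR'
        # Grant access only when Intune reports the device as compliant.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the report-only results in the Entra sign-in logs to see which users and devices would have been blocked, then switch the policy's `state` to `enabled` with `Update-MgIdentityConditionalAccessPolicy`.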
This issue seems to be both a technical and a management problem. If users keep buying off-the-shelf laptops and bypassing policy, you need to escalate it to leadership. They should be enforcing compliance with existing IT regulations!
Consider locking down the network to allow connections only from recognized MAC addresses. This could prevent any unauthorized devices from accessing the network, forcing users to comply with your policies.

Thank you! This sounds like what I need.