If you are new to Intune, I have written a high-level yet extensive blog called “The Ultimate Guide to Microsoft Intune”. Head over to that blog to get further information on what it can do for your organisation. For those of you who have already adopted Microsoft Intune, please continue reading…
Requirement
Our customer, let’s call them Contoso, expressed their willingness to embrace Bring Your Own Devices (BYOD) to enhance their progress towards the Modern Workplace strategy. However, Contoso had a specific external governance requirement whereby they had to block the “Windows Home” version of Windows 10 or Windows 11. Fortunately, Microsoft Intune provides the capability to create filters which will allow us to achieve our desired goal.
Solution
There are a couple of prerequisites to start.
To implement this solution you need to have one of the below Azure AD admin roles assigned to your account:
- Intune Administrator (least privilege)
- Global Administrator
All users must have an Intune licence assigned based on your current licensing model, for example, Microsoft 365 E5.
All the configuration takes place within Microsoft Intune admin centre > Tenant admin > Filters. To create a new filter, follow the steps below:
- Create a new filter

- Give the filter a relevant name with the following settings

- Within Rules, you can set the specific syntax. Details of the supported device filter properties can be found here
- To set the filter to detect Windows 10/11 Home devices, enter the following rule:
  (device.operatingSystemSKU -contains "Core")

- Once the filter is created, set the enrolment device platform restrictions. This configuration takes place within Microsoft Intune admin centre > Devices > Enrolment device platform restrictions

- Select Create restriction and give it a name

- Set the following Platform settings

- Within Assignments, select Edit filter

- Select your previously created filter

- When Contoso users now try to access Intune from a device running a Windows Home edition, they will get the following
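
The filter from the steps above can also be created by script through Microsoft Graph, which helps when the same rule has to be applied consistently or kept under change control. This is an added example, not part of the original post: it assumes the Microsoft.Graph.Authentication PowerShell module, the Graph beta assignmentFilters endpoint and a hypothetical filter name; the enrolment restriction and its assignment are still done in the admin centre as described.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example: create the Windows Home filter via Microsoft Graph (beta endpoint).
# Sign in with an account holding the Intune Administrator role.

$filterName = 'Block Windows Home'   # hypothetical name, choose your own
$rule       = '(device.operatingSystemSKU -contains "Core")'   # rule from the post
$baseUri    = 'https://graph.microsoft.com/beta/deviceManagement/assignmentFilters'

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

# Read all existing filters, following paging links, and match on name client-side.
$existing = @()
$uri = $baseUri
while ($uri) {
    $page      = Invoke-MgGraphRequest -Method GET -Uri $uri
    $existing += $page.value
    $uri       = $page.'@odata.nextLink'
}
$match = $existing | Where-Object { $_.displayName -eq $filterName } | Select-Object -First 1

if ($match) {
    # Do not overwrite silently: a changed rule alters which devices are blocked.
    if ($match.rule -ne $rule) {
        Write-Warning "Filter '$filterName' exists with a different rule: $($match.rule)"
    } else {
        Write-Output "Filter '$filterName' already exists (id $($match.id))."
    }
} else {
    $body = @{
        displayName = $filterName
        description = 'Matches Windows 10/11 Home editions for the enrolment restriction'
        platform    = 'windows10AndLater'
        rule        = $rule
    } | ConvertTo-Json

    $created = Invoke-MgGraphRequest -Method POST -Uri $baseUri `
        -Body $body -ContentType 'application/json'
    Write-Output "Created filter '$($created.displayName)' (id $($created.id))."
}
```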

Conclusion
To conclude, Microsoft Intune offers organisations a valuable solution for attaining their desired device management objectives, including the ability to block specific versions of Windows operating systems. By following the straightforward steps detailed earlier, Intune administrators can ensure their organisation stays in line with any external governance mandates. I hope that this information has been enlightening and beneficial! If you require further clarification or would like a straightforward conversation, please reach out to us at Insentra. You can also explore more insightful content in our Insentra Insights section.