United Kingdom | Block Windows Home Devices in Intune

Nick Thomas - 04.04.202320230404

Block Windows Home Devices in Intune

United Kingdom | Block Windows Home Devices in Intune

If you are new to Intune I have written a high level yet extensive blog called “The Ultimate Guide to Microsoft Intune”. Head over to this blog to get further information on what it can do for your organisation. For those of you who have already adopted Microsoft Intune, please continue reading… 

Requirement

Our customer, let’s call them Contoso, expressed their willingness to embrace Bring Your Own Devices (BYOD) to enhance their progress towards the Modern Workplace strategy. However, Contoso had a specific external governance requirement whereby they had to block the “Windows Home” version of Windows 10 or Windows 11.  Fortunately, Microsoft Intune provides the capability to create filters which will allow us to achieve our desired goal.

Solution

There are a couple of prerequisites to start. 

To implement this solution you need to have one of the below Azure AD admin roles assigned to your account:  

  • Intune Administrator (least privilege) 
  • Global Administrator   

All users must have an Intune licensed assigned based on your current licensing model, for example, Microsoft 365 E5.   

All the configuration takes place within Microsoft Intune admin centre > Tenant admin > Filters. To create a new filter, please follow the below steps  

  • Create a new filter  
United Kingdom | Block Windows Home Devices in Intune
  • Give the filter a relevant name with the following settings 
United Kingdom | Block Windows Home Devices in Intune
  • Within Rules, you can set the specific syntax. Details of the supported device filter properties can be found here 
  • To set the filter to detect Windows 10/11 Home devices enter the following

– (device.operatingSystemSKU -contains “Core”)  

United Kingdom | Block Windows Home Devices in Intune
  • Once you do that, you can now set the enrollment device platform restrictions. All the configuration takes place within Microsoft Intune admin centre > Devices > Enrolment device platform restrictions 
United Kingdom | Block Windows Home Devices in Intune
  • Select Create restriction and give it a name 
United Kingdom | Block Windows Home Devices in Intune
  • Set the following Platform settings
United Kingdom | Block Windows Home Devices in Intune
  • Within Assignments, select Edit filter 
United Kingdom | Block Windows Home Devices in Intune
  • Select your previously created filter
United Kingdom | Block Windows Home Devices in Intune
  • When Contoso users now try to access Intune with Windows Home OS version, they will get the following
United Kingdom | Block Windows Home Devices in Intune

CONCLUSION

To conclude, Microsoft Intune offers organisations a valuable solution for attaining their desired device management objectives, including the ability to block specific versions of Windows operating systems. By following the straightforward steps detailed earlier, Intune administrators can ensure their organisation stays in line with any external governance mandates. I hope that this information has been enlightening and beneficial! If you require further clarification or would like a straightforward conversation, please reach out to us at Insentra. You can also explore more insightful content in our Insentra Insights section

RELATED ARTICLES 

The Ultimate Guide to Microsoft Intune

Late Night Brew – Control your MAM (Microsoft Application Management) with Microsoft Intune

Late Night Brew – Let’s Dive into Microsoft Intune Device

THANK YOU FOR YOUR SUBMISSION!

United Kingdom | Block Windows Home Devices in Intune

The form was submitted successfully.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

United Kingdom | Block Windows Home Devices in Intune

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.