heinzelrumpel
Copper Contributor
Mar 11, 2025

Force users to "entra register" their devices

Hi,

Is it possible to force users to register their devices when they log in with their company account to any device other than a company-owned one?

I tested on my private smartphone. Logged in as a normal user with a company account and my device did not show up in Entra as "Microsoft Entra registered".

Any ideas? Thanks


  • EFDake
    Iron Contributor

    I don't know of a way to "force" this outside of CA Policy and you configuring it so that the devices have to be registered or MDM Enrolled (Intune) to access the applications. There is a CA Policy Template in Preview currently you can take a look at for a possibility.   

    They would have to enroll and be compliant to access your applications, etc. 

    Another way to potentially do it with phones is to set up Passwordless Sign-In, which requires devices to be registered to work. Then you could make an Authentication Strength to only allow Passwordless Sign-in, but you would need to test all this to make sure it would work in the order that you desire.

    There are settings in Intune for BYOD that would require registration and enrollment to access company resources, or they wouldn't be allowed. That is how my organization has it set for my personal device. If I want to access company resources, I have to enroll and therefore register my device and allow some specific apps (Defender, etc.) to be installed and configured or I can't access these resources on my personal device at all. 

    See if this helps!

    NOTE: To get to the Conditional Access Policy Template mentioned above, sign in to the Azure Portal, navigate to Entra ID, then Security, then Conditional Access. At the top, hit the + Create new policy from templates and choose Zero Trust. You may have to hit the "Show more" option at the lower left to see the one I referenced above.

    Edward
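
The Conditional Access approach from the reply above, as an added example that is not part of the original thread: a report-only policy that grants access only from Intune-compliant devices, followed by a check of which devices currently show up as Microsoft Entra registered. It assumes the Microsoft.Graph PowerShell SDK is installed; the break-glass account ID and the policy name are placeholders.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All',
                        'Device.Read.All'

# Placeholder: object ID of an emergency-access account that must stay excluded,
# so a misconfigured policy cannot lock every administrator out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'EXAMPLE - Require compliant device'   # hypothetical name
    # Report-only first: sign-in logs show what would be blocked, nothing is enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Compliance is reported by Intune, so a personal device has to be
        # enrolled (and is thereby registered in Entra) before it can pass.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Devices listed as "Microsoft Entra registered" carry trustType 'Workplace'.
# Filtering client-side keeps the query simple for a small tenant.
Get-MgDevice -All |
    Where-Object { $_.TrustType -eq 'Workplace' } |
    Select-Object DisplayName, OperatingSystem, IsCompliant, IsManaged,
                  ApproximateLastSignInDateTime |
    Sort-Object ApproximateLastSignInDateTime -Descending
```

Review the report-only results in the sign-in logs before changing `state` to `enabled`.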
