You're reading from Mastering Microsoft Endpoint Manager Deploy and manage Windows 10, Windows 11, and Windows 365 on both physical and cloud PCs

Product type Paperback

Published in Oct 2021

Publisher Packt

ISBN-13 9781801078993

Length 666 pages

Edition 1st Edition

Tools

Microsoft Project

Concepts

Network Security

Author (1):

Per Larsen

View More author details

Table of Contents (24) Chapters

Preface

1. Section 1: Understanding the Basics

2. Chapter 1: Introduction to Microsoft 365 FREE CHAPTER

3. Chapter 2: What Is Unified Endpoint Management?

4. Section 2: Windows 365

5. Chapter 3: Introducing Windows 365

6. Chapter 4: Deploying Windows 365

7. Section 3: Mastering Microsoft Endpoint Manager

8. Chapter 5: Requirements for Microsoft Endpoint Manager

9. Chapter 6: Windows Deployment and Management

10. Chapter 7: Manager Windows Autopilot

11. Chapter 8: Application Management and Delivery

12. Chapter 9: Understanding Policy Management

13. Chapter 10: Advanced Policy Management

14. Chapter 11: Office Policy Management

15. Chapter 12: User Profile Management

16. Chapter 13: Identity and Security Management

17. Chapter 14: Monitoring and Endpoint Analytics

18. Chapter 15: Universal Print

19. Section 4: Tips and Tricks from the Field

20. Chapter 16: Troubleshooting Microsoft Endpoint Manager

21. Chapter 17: Troubleshooting Windows 365

22. Chapter 18: Community Help

23. Other Books You May Enjoy

Preventing users from carrying out AAD device registration

To block your users from adding additional work accounts to your corporate domain-joined, AAD-joined, or HAADJ Windows 10 devices, enable the following registry key. This policy can also be used to block domain-joined machines from inadvertently getting AAD registered with the same user account: HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin, "BlockAADWorkplaceJoin"=dword:00000001.

Figure 13.26 – Use this account everywhere on your device

There is no central way to prevent a user from registering their BYOD device in AAD. If AAD automatic MDM enrollment is configured and the checkmark for Allow my organization to manage my device is set, the device will be enrolled into Microsoft Intune. Next, we will take a look at self-service password reset (SSPR).