Microsoft Intune Enhances Device Security with New Windows Corporate Identifier Feature

Published: Jul 03, 2024

Windows 11 approved hero 1

SHARE ARTICLE

Key Takeaways:

  • Microsoft Intune’s new Windows Corporate Identifier feature allows administrators to easily identify and manage corporate Windows devices.
  • A new enrollment restriction experience lets IT administrators use specific device properties as filters to prevent unauthorized devices from enrolling.
  • Currently, the feature supports Windows 11 version 22H2 and later, with plans to extend support to Windows 10 on July 9.

Microsoft has released a new Windows corporate identifier feature for its Microsoft Intune service. This new feature is designed to enhance enrollment restrictions by ensuring that only corporate devices can access the network.

Microsoft emphasized the importance of administrators to ensure that only authorized devices access corporate resources. This requires identifying both company-owned and personal devices. However, managing a large fleet of devices with different operating systems can be challenging due to each platform’s unique management requirements and security considerations.

How does the Windows corporate device identifier feature work?

The new Windows corporate identifier feature simplifies the identification and management of corporate Windows devices. It allows administrators to upload a CSV file with details such as serial numbers, manufacturer information, and device models of their corporate PCs.

Once the enrollment process is complete, these Windows devices are marked as corporate in the Microsoft Intune admin center, and the appropriate policies and settings are applied. This feature supports only Windows 11 version 22H2 and later.

Microsoft Intune Enhances Device Security with New Windows Corporate Identifier Feature
Creating a filter in the Intune admin center with model and manufacturer device properties (Image Credits: Microsoft)

How to get started?

To use the Windows corporate device identifier, IT admins will need to follow the steps mentioned below:

  • Create a CSV file containing the serial number, manufacturer, and model of the corporate Windows devices.
  • Login to the Intune admin center and upload a CSV file by navigating to Devices > Windows > Corporate identifiers. Microsoft recommends using PowerShell or the Microsoft Graph API to upload data from more than 5000 devices.
  • Finally, verify that the Windows devices are marked as corporate in the Intune admin center.

Microsoft Intune adds new enrollment restriction experience

Microsoft stated that the new Windows corporate identifier feature offers a new enrollment restriction experience for Intune customers. Previously, enrollment restrictions were based on broad criteria like user groups and device types.

Microsoft Intune Enhances Device Security with New Windows Corporate Identifier Feature
Creating a filter in the Intune admin center (Image Credits: Microsoft)

With this new enrollment restriction experience, IT administrators can use device properties as filters to more precisely control which devices can enroll. For instance, they can block specific device models or manufacturers from enrolling.

Microsoft notes that the model and manufacturer properties are only supported on Windows 11 version 22H2. For unsupported versions of Windows, the company recommends using null values for manufacturer and model. Microsoft plans to add support for Windows 10 on July 9, and users will need to install the KB5039299 update on their PCs.

SHARE ARTICLE