Published: Jul 03, 2024
Key Takeaways:
- Microsoft Intune’s new Windows Corporate Identifier feature allows administrators to easily identify and manage corporate Windows devices.
- A new enrollment restriction experience lets IT administrators use specific device properties as filters to prevent unauthorized devices from enrolling.
- Currently, the feature supports Windows 11 version 22H2 and later, with plans to extend support to Windows 10 on July 9.
Microsoft has released a new Windows corporate identifier feature for its Microsoft Intune service. This new feature is designed to enhance enrollment restrictions by ensuring that only corporate devices can access the network.
Microsoft emphasized the importance of administrators to ensure that only authorized devices access corporate resources. This requires identifying both company-owned and personal devices. However, managing a large fleet of devices with different operating systems can be challenging due to each platform’s unique management requirements and security considerations.
The new Windows corporate identifier feature simplifies the identification and management of corporate Windows devices. It allows administrators to upload a CSV file with details such as serial numbers, manufacturer information, and device models of their corporate PCs.
Once the enrollment process is complete, these Windows devices are marked as corporate in the Microsoft Intune admin center, and the appropriate policies and settings are applied. This feature supports only Windows 11 version 22H2 and later.
To use the Windows corporate device identifier, IT admins will need to follow the steps mentioned below:
Microsoft stated that the new Windows corporate identifier feature offers a new enrollment restriction experience for Intune customers. Previously, enrollment restrictions were based on broad criteria like user groups and device types.
With this new enrollment restriction experience, IT administrators can use device properties as filters to more precisely control which devices can enroll. For instance, they can block specific device models or manufacturers from enrolling.
Microsoft notes that the model and manufacturer properties are only supported on Windows 11 version 22H2. For unsupported versions of Windows, the company recommends using null values for manufacturer and model. Microsoft plans to add support for Windows 10 on July 9, and users will need to install the KB5039299 update on their PCs.