Block access using hardware serial numbers (AAD+Intune)

  • Published 6 Aug 2024
  • Wouldn't it be nice to only allow access to corporate apps/resources from approved devices, specifically devices whose serial numbers you have added to an "allow" list? That way, if a device is not on that list, it will be blocked from access.
    Join me as I show you how to do this using Microsoft Endpoint Manager and Azure Active Directory.
    More information on corporate identifiers: docs.microsoft.com/en-us/mem/...
    00:00:00 Intro
    00:00:44 The Solution
    00:02:05 Upload Serial Number
    00:03:53 Enrollment Restriction
    00:04:53 Compliance Policy
    00:05:47 Conditional Access Policy
    00:07:22 Demo Block Access
    00:11:45 Demo Allow Access
    00:10:55 Final Thoughts
  • Science & Technology

COMMENTS • 13

  • @uemauthority 2 years ago

    A great demonstration, Matt. Indeed an excellent mechanism for gating access to company resources on 'known' devices. It's surprising just how many organisations still won't cater for BYOD, even with advanced IAM controls such as CA and Enrolment restriction flexibility.

  • @andrewmccallum5699 2 years ago

    Good idea re serial enforcement, top presentation Matt, thanks

  • @oshrih7145 2 years ago +1

    Thank you ... as always it is a pleasure to watch your video
    Can you add a video trying or elaborate how we can autopilot enrolment for device company from the manufacturer?

  • @MEGART68 1 year ago

    There's no edit properties function visible in my Enrollment Device platform restrictions page :-( Any idea why?

  • @zueyyy 1 year ago

    It looks like Android 12 and later (Either using Android Enterprise - Personally Owned Work Profile or even Android Enterprise fully managed/corporate-owned work profile) isn't supported. Does that mean this serial number method is basically not supported for newer Android devices with no replacement solution?

  • @fiinstrumental 11 months ago

    Hi Matt. Please, I have a question. I would like to lock some files to a specific hardware by serial number. So only that hardware can open it. Please, if you have any idea on how to do that, HELP PLEASE. Any software that can do that?
    I use a synthesizer that has a serial number, so I would like to lock my sounds and files to my synthesizer's serial number, so only my synthesizer recognizes those files. So if you try to put the same folders on another synthesizer that is the same model but a different serial number, it should not open it. Please, any advice or solution or software that can make it, PLEASE, begging you

  • @bradstevens8798 5 months ago

    Does this process still work in 2024? I set this up exactly the same but it still allows the device to enroll and personal and never shows the serial number as Enrolled :(.

  • @MEGART68 1 year ago

    Is this possible to do for personally owned devices as well?

  • @gvnb3010 2 years ago +1

    Hi Matt, videos are great. Is it possible to do the same without enrolling devices, i.e. by using the filter for device ID in conditional access, for macOS devices that are Azure AD registered?

  • @brink668 2 years ago

    When it’s managed this way, does the configuration become more corporate controlled on a use side?

  • @jonathanrittenour8862 1 year ago

    Very informative! I am having a hard time with users playing musical chairs and using monitors that aren't assigned to them. Hybrid employees who take other monitors and docking stations home. It makes tracking these assets a nightmare. I want to restrict certain devices (computers, monitors and docking stations) to only be usable by their associated user. Is that possible? I have looked everywhere. We are running an Azure-only environment.

  • @myusrn 2 years ago

    How come company portal app doesn't provide a clear message as to why the self enrollment failed. Is the obscurity intentional?

    • @uemauthority 2 years ago +1

      The 'profile failed' message is a coded output response from iOS, although the reason as to why enrolment failed can be validated in Endpoint Manager console.
      Head on over to Devices > Monitor > Enrollment > Enrollment Failures then search by the user.