Offer granular controls for "Require Multi-Factor Auth to join devices" setting
The setting "Require Multi-Factor Auth to join devices" always applies to all users and all kinds of device registrations (e.g. Device Registrations and Intune enrollments). As with other access controls (like Conditional Access, for example), this setting should allow more granular controls.
For example, to require MFA for device registrations done because of MAM without enrollment policies (Intune App Protection Policies without enrollment), you currently have to enable the setting mentioned above.
-> This then automatically also enables MFA requirements for ALL Intune enrollments, without any way to exempt certain user groups or any other controls.
Please offer some control for MFA settings for each kind of device registration - having one general switch for the whole tenant and all users is not useful.
Pavel Garmashov commented
This probably should be migrated into Conditional Access Policies - User Actions (same as Register Security Info).