Support group exemption for Azure AD Join MFA requirement
Please add a feature that allows IT-Pros (Azure AD Admins) to define a exemption group for people performing Azure AD join. Not every user in a company uses Autopilot for setting up his/her own device or performs the Azure AD Join. Normally this is handled by the IT department. It would be nice if one could use a bypass group during Azure AD join for these users.
We have a setting that can control who can do Azure AD join and who cannot
Nathan O'Sullivan commented
https://docs.microsoft.com/en-us/intune/device-enrollment-manager-enroll ..... you should be managing the devices with something imo
Alexander Filipin commented
Would it make sense to get "Azure AD Join" as application to apply a CA policy like we have "Intune Enrollment". However, that would bring a license requirement.
Also, do you have a lot of use cases where devices are only AAD joined but not Intune managed?