I want to know how I can block users in my organization from installing programs using Azure Active Directory. I'm syncing the accounts from Office365 and the devices are in Azure Active Directory.

I searched the Microsoft documentation, but I haven't found anything about it.

Can someone help me, please?

Tks

1 Answer

By default, Azure AD adds the user performing the Azure AD join to the administrator group on the device.

Removing admin privileges for those users can block installation of programs on devices joined to Azure AD.

You have two options:

  • Windows Autopilot - Windows Autopilot provides you with an option to prevent the primary user performing the join from becoming a local administrator.
  • Bulk enrollment - An Azure AD join that is performed in the context of a bulk enrollment happens in the context of an auto-created user.

See details here: Manage regular users on Azure AD joined devices.
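
To check whether the default described in the answer applies to a given device, the following added example (not part of the original answer or of Microsoft's documentation) lists the members of the local Administrators group and flags Azure AD principals. The function name `Get-LocalAdminAudit` is hypothetical, the script is assumed to run locally on the device, and it assumes that Azure AD principals carry SIDs beginning with `S-1-12-1-`.

```powershell
# Added example: audit which principals hold local admin rights on this device.
function Get-LocalAdminAudit {
    # Resolve the built-in Administrators group from its well-known SID,
    # because the group name is localized on non-English Windows.
    $adminSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $groupName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

    # Use the ADSI WinNT provider so that members whose SIDs do not resolve
    # to a name are still enumerated.
    $group = [ADSI]"WinNT://./$groupName,group"

    foreach ($member in @($group.Invoke('Members'))) {
        $type  = $member.GetType()
        $path  = $type.InvokeMember('ADsPath',   'GetProperty', $null, $member, $null)
        $bytes = $type.InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
        $sid   = (New-Object System.Security.Principal.SecurityIdentifier([byte[]]$bytes, 0)).Value

        [pscustomobject]@{
            Member  = $path -replace '^WinNT://', ''
            Sid     = $sid
            # Assumption: SIDs under S-1-12-1- identify Azure AD users, groups or roles.
            AzureAD = $sid.StartsWith('S-1-12-1-')
        }
    }
}

# dsregcmd reports the join state; "AzureAdJoined : YES" means the device is Azure AD joined.
$joined = [bool]((dsregcmd /status) -match 'AzureAdJoined\s*:\s*YES')
$admins = @(Get-LocalAdminAudit)

"Azure AD joined: $joined"
$admins | Format-Table -AutoSize

# Any Azure AD principal listed here can install software on the device.
$aadAdmins = @($admins | Where-Object { $_.AzureAD })
if ($joined -and $aadAdmins.Count -gt 0) {
    Write-Warning "$($aadAdmins.Count) Azure AD principal(s) hold local administrator rights."
}
```

Entries whose `Member` value is a bare SID are principals that did not resolve to a name on the device; review them together with the named accounts.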