with some simple text fields that can be displayed to the end user for them to accept. You also then specify the URL in the MDM enrollment settings to make that happen during OOBE:
That’s the easy (and safe) part. Next, you need to create a conditional access policy. I am a conditional access neophyte (still teaching myself all the Intune features, and I’m not sure I’ll ever finish that task), so I’m fairly cautious (as I’ve seen the customer support calls from customers that have locked themselves out of their entire tenants). But if scoped to a limited set of users, you can at least limit the harm. So here’s what I set up:
First, limit the impact to a group of users. (I also excluded Global Administrators, just in case.)
Then, only affect the Microsoft Intune Enrollment app.
And only for Windows.
And that policy was then enabled. And here’s the results, seen after putting in the user’s e-mail address (UPN) and password:
Pretty (although I still think it’s silly).
Categories: Azure Active Directory, Microsoft Intune