Block Users from Installing programs with Azure AD joined Devices

installation azure microsoft-office-365 azure-active-directory microsoft-intune

I am looking for a way to block users from installing programs without an on prem AD domain (so no GPOs etc.). We have Office365 and the included Azure AD. The devices have not yet been joined to Azure AD but that is in the works. We are also considering adding Intune and or a Premium version of Azure AD for co-management if that will help us.

Basically, we need a way to block users from installing programs or applications on their machines. Ideally, there would be an easy way to make exceptions either for particular users or for particular applications but this is not a requirement.

Is there a way to implement such a policy using Azure AD, Intune or other programs which are part of the Office365 suite?


Solution 1:

There’s nothing native in just Azure AD to do this, you would also need to look at something like inTune.

InTune supports various different restrictions on Windows 10 - https://docs.microsoft.com/en-us/intune/configuration/device-restrictions-windows-10#app-store

Related

Do I need 2 virtual hosts for both www.example.com and just example.com?
cannot access some ports even with firewall disabled
Registered domain using Route 53, using Cloudflare for DNS, having problems configuring DNS correctly
Unlock GPO enabled "Lock all taskbars" on one PC
X509 certificates - Are there any naming conventions?
pcs creating cluster fails because of unknown hosts
What is the difference between renice and chrt commands in Linux?
qemu running in ssh: how to exit?
How to permanently set vault token and url remote server in macos
Managing Authentication on REST APIs
Install not signed driver in Windows 2019 with no prompt
Auto-resize multiple Forms rendered on Panel