Share via

Many of our users’ personal devices are showing up in Microsoft Defender

Syed Ishmam Ahmad 20 Reputation points
2026-03-24T18:39:10.9666667+00:00

Hello,

Many of our users’ personal devices are showing up in Microsoft Defender because they didn’t uncheck the box to “Allow my organization to manage my device” the first time they signed into their Office 365 email account in Outlook. Is there a way not to ask this question when they login to their Outlook with the corporate email from their personal devices and restrict from showing the devices in MS Defender?

Microsoft Security | Intune | Enrollment

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Prathista Ilango 1,065 Reputation points Microsoft Employee
    2026-03-25T19:15:14.8966667+00:00

    Hello Syed Ishmam Ahmad,

    It is possible now to block “Allow my organization to manage my device” option. I think you are looking for the below setting,

    User's image

    For more details, refer to: Rethinking “Allow my organization to manage my device” Why opt‑in enrollment works better for Intun…

    Hope this helps!

    If you found the information above helpful, please Click Yes. This will assist others in the community who encounter a similar issue, enabling them to quickly find the solution and benefit from the guidance provided.

    0 comments
  2. Q&A Assist
    2026-03-24T18:39:22.5566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The prompt to “Allow my organization to manage my device” is part of the Entra account registration and device management flow. If users select Yes, their device is enrolled so the organization can manage security settings, apps, and policies, and the device can then appear in management tools such as Microsoft Defender.

    From the provided information:

    • Device management is what enables the organization to manage security settings and applications on personal or corporate devices and ensure only compliant devices access resources.
    • The device management screen is only displayed if the user selects Yes on the Entra account registration screen. If the user chooses options that do not enable device management (for example, “No, This App Only”), device management is not activated and the device will not be enrolled.
    • Once a device is enrolled, administrators can perform operations such as configuring device settings, enforcing security policies, and securing data on the device.

    To avoid personal devices being enrolled and then appearing in Defender, users must not enable device management during the sign-in flow. If they already did so and this caused issues, the referenced Q&A indicates that the root cause was the user choosing to allow the organization to manage the device during the “Automatically sign in to all desktop apps and websites on this device” prompt.

    The context provided does not describe a central, admin-side setting to completely suppress or remove this prompt for Outlook sign-in on personal devices. The behavior is controlled by the Entra account registration and device management flow, where the user’s choice determines whether the device is enrolled.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.