βοΈπͺπ§βπΌπCP - MDM Unenrollment Allow
π Policy detailsβ
| Field | Value |
|---|---|
| Platform | Windows 10/11 |
| Profile type | Settings catalog |
| Category | Experience > Allow manual MDM unenrollment |
| Setting name | AllowManualMDMUnenrollment |
| State | Enabled |
| CSP | Experience/AllowManualMDMUnenrollment |
π΅οΈββοΈ When to use thisβ
You only apply this when:
- A device needs to be unenrolled for staging or reprovisioning
- You're working in a test lab
- You're trying to fix something without nuking the entire environment
And yes, there should always be documentation and approval. Because βI needed to test somethingβ is not a valid excuse when the CFOβs laptop disappears from Intune.
π₯ Group Assignmentsβ
β Included:β
β Excluded:β
- (None) β this policy is not meant for the masses
π Relatedβ
- βοΈπͺπ§βπΌCP - MDM Unenrollment Block
- π‘οΈπ§βπΌππGroup - MDM Unenrollment Allowed users
- π§ Blog: Wait... Standard Users Can Do WHAT Now?!
π§ Final wordsβ
This setting is your emergency override. Like the Batcave self-destruct β donβt give out the password unless you're sure.
Use sparingly. Monitor carefully. And document like your job depends on it. (Because it probably does.)