Every week Microsoft Introduces new features to Microsoft Intune which you can find it from https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new .
As of May 11th ,2020, Microsoft releases new feature which is very helpful for intune admins to customize the self-service device actions in the company portal for enrolled devices.
When a device is successfully enrolled into Microsoft Intune, users can perform the following actions (self-service) using the Company Portal app, Company Portal website, or the Intune app on Android..
Following are the available self-service device actions when a device successfully enrolled to Intune:
- Retire – Removes the device from Intune Management. In the company portal app and website, this shows as Remove.
- Wipe – This action initiates a device reset. In the company portal website this is shown as Reset, or Factory Reset in the iOS/iPadOS Company Portal App.
- Rename – This action changes the device name that the user can see in the Company Portal. It does not change the local device name, only the listing in the Company Portal.
- Sync – This action initiates a device check-in with the Intune service. This shows as Check Status in the Company Portal.
- Remote Lock – This locks the device, requiring a PIN to unlock it.
- Reset Passcode – This action is used to reset device passcode. On iOS/iPadOS devices the passcode will be removed and the end user will be required to enter a new code in settings. On supported Android devices, a new passcode is generated by Intune and temporarily displayed in the Company Portal.
- Key Recovery – This action is used to recover a personal recovery key for encrypted macOS devices from the Company Portal website.
Now with intune release version (2005), you can restrict (hide) some of the self-service device actions from users.
- Hide Remove button on corporate Windows devices.
- Hide Reset button on corporate Windows devices.
- Hide Remove button on corporate iOS/iPadOS devices.
- Hide Reset button on corporate iOS/iPadOS devices.
How to configure these settings in the Intune portal?
Login to https://endpoint.microsoft.com/ , browse to Tenant Administration , you will notice the service release 2005.
On the left, click on the Customization and click on Edit default policy.
Scroll down all the way to see the Hide features.
You can enable the actions to hide from users on respective devices.
when you make changes to the default policy, it will be applied to all users who have successfully enrolled the devices.
Is there a way to apply these settings to specific group instead of applying all users? No, I cannot find it. I tried creating custom policy but it doesn’t have the above settings to hide.
So it is default policy for now and changes to this will be applicable to all users.
Hope it helps!
References:
User self-service device actions from the Company Portal