Hey, let’s learn how to Enable or Disable Device Discovery to Identify Same Network Devices using Intune Policy. In Microsoft Intune, you can see many policies. In the post, we discussed about Allow Device Discovery policy under the Experience settings. Device discovery means finding and identifying all the devices, like computers, phones, and tablets, in a network.
In Microsoft Intune, devices are discovered when they are enrolled using methods like Azure AD join or manual setup. Once a device is added, Intune collects details such as the device name, type, and status. This helps IT manage updates, apply settings, and keep the network secure.
Using Intune policies, you can allow or block device discovery. For example, you can block unknown or personal devices from connecting or being discovered by setting device restriction policies. This improves control and keeps the network safe.
This blog post provides complete guidance on managing the Device Discovery Policy in Microsoft Intune. It is a step-by-step instruction on how to enable or disable this policy, monitor its status, and understand client-side verification.
Table of Contents
What are the Benefits of Enabling Devices Discovery Policy using Intune?
Enabling the Device Discovery policy in Intune helps organizations detect unmanaged or unknown devices within their network. This allows IT administrators to maintain better visibility and control over their device environment, improving overall security and compliance.
1. Improved Visibility
2. Enhanced Security
3. Compliance Enforcement
4. Better Inventory Management
5. Streamlined Onboarding
Allow or Block Device Discovery Policy
The Allow or Block Device Discovery policy can be easily configured on Windows devices using either Microsoft Intune or by setting a custom OMA-URI (Open Mobile Alliance Uniform Resource Identifier). This blog post will detail both methods.
- Bluetooth and Device Settings in Windows 11
- Intune MAM for Personal Windows Devices is now Generally Available
- Enable SCCM Active Directory User Discovery | Exclude OU | ConfigMgr | Best Guide
Configuration Service Provider (CSP)
The Policy Configuration Service Provider (CSP) is a feature used by organisations to manage and control settings on Windows 10 and 11 devices. It explains that the Description framework properties and values can be used.
Description framework properties: The following table shows the description framework properties of the Device Discovery policy.
| Property Name | Property Value |
|---|---|
| Format | Int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
Assigned Values
- 0 – Disabled
- 1 – Enabled
.
Steps to Device Discovery Policy using Intune
To start deploying a policy in Intune, sign in to the Microsoft Intune Admin Center. Then go to Devices> Configuration under the Manage devices> Policies> Create> New policy.
- Platform – Windows 10 and later
- Profile type – Setting catalog
Basic Step for Device Discovery Policy
In the Basic tag, input the Name and Description for the profile. I recommend giving a name (Allow Device Discovery) and a Description (To Allow Device Discovery). The Name is the mandatory field and you have fill this.
Configure Device Discovery Policy
When you click Next, you will get the Configuration Settings section. In the Configuration Settings section, under Settings Catalog, click Add Settings. Type “Experience” in the search box and click Search, then select Allow Device Discovery from the search results.
After closing the Settings Picker, the policy we chose will now be visible in the Configuration Settings. By default, the Allow Device Discovery is Allow.
Block Device Discovery Policy
If we block or don’t configure this policy, you can block the Device Discovery policy by toggling the switch. After reviewing or adding more settings, you can click the Next button to proceed.
Scope Tag
The next section is the Scope tag which is not a mandatory step. It helps to assign this policy to a defined group of users or devices. To skip this section is preferable.
Assignments
We need to add groups in this section. The assignments in Microsoft Intune determine which users or devices a policy applies to. The selected group will show on the assignment page. Then, click Next to proceed.
Final Stage for Device Discovery Policy
This part gives us a summary of the details are we have given for the policy creation. Because Review + Create is the final step of a policy deployment. We can go through it and confirm that all the information given was correct. Just click Create, and then we can see the notification(Policy ” Allow Device Discovery” created successfully).
Monitoring Status
To check the monitoring status, go to Devices > Configuration Policies. In the Configuration policies section, search for the policy we created, which is “Allow Device Discovery“. We can find the result as 1 Succeeded. Use manual sync in the Company Portal to speed up the process.
Client Side Verification
To confirm if a policy has been applied, use the Event Viewer on the client device. Go to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. From the list of policies, use the Filter Current Log option and search for Intune event 813.
MDM PolicyManaqer: Set policy int, Policy: AllowDeviceDiscovery)
EnrollmentID requestinq merqe: (EB427D85-802F-46D9-A3EZ-D56414587F63), Current User.
(Device), Int: (0x0), Enrollment Type: (0x6), Scope: (0x0).Area: (Experience),
How to Remove Assigned Group from the Allow Device Discovery Policy
Removing an assigned group from a policy is sometimes necessary for security, compliance, or operational efficiency. Open the policy from the Configuration tab and click on the Edit button on the Assignment tab. Click on the Remove button on this section to remove the policy. Click Review + Save after making the change.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete a Policy from the Intune Portal
To delete an Intune policy for security or operational reasons. I will demonstrate how to delete an Intune policy through the Allow Device Discovery. Click the three dots, then click the Delete option.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
OMA-URI Settings to Power Sleep Policy
An OMA-URI is a unique address that points to a specific setting controlled by a Configuration Service Provider (CSP). It is a text string that sets custom configurations on Windows 10 and 11 devices, and its format depends on the CSP itself. Here’s a step-by-step guide.
- Sign in to Microsoft Intune
- Go to Devices > Configuration
- Click Create, and then the new policy.
- Choose the platform as Windows 10 or later.
- For Profile type, select Templates and then choose Custom.
- Provide a Name: Allow Device Discovery
- Add a Description( e.g To Allow Device Discovery Policy)
- Click on + Add under OMA-URI Settings to configure the specific setting.
- To Configure the OMA-URI Setting, do the following
- Enter a name, such as Allow Device Discovery
- Description: To Allow Device Discovery Policy
- Enter the following OMA-URI path: ./Device/Vendor/MSFT/Policy/Config/Experience/AllowDeviceDiscovery.
- Set the Data type to Integer.
- Enter the value
- 1 to Enable Device Discovery Policy.
- 0 to Disable Device Discovery Policy.
- After entering the above details, click the Save button.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.