If you work with Intune/Endpoint Configuration Manager you already know that you can implement certain restrictions for devices enrollment such as the number of devices a user can enroll (up to 15) or the operating system of the device (Android, iOS, macOS or Windows) and specific version (aka the build of the OS).
Well, these capabilities sometime where not sufficient and you ended to have personally owned devices being enrolled because of user error.
Good news, you can now implement a more granular restriction to exclude personally owned devices to be enrolled into Intune.
To implement this new capability, connect to your Intune portal (https://endpoint.microsoft.com/) and reach the Devices\Enrollment device platform restrictions blade
You will then first notice the restrictions are now split between each different operation system
From there you will need to access the corresponding tab for the operating system you want to configure a new restriction and click on Create restriction
For each different operating system you will have different options to block personal devices