If you are allowing/supporting Bring Your Own Device (BYPO), you may already have experienced unintentional mobile device management (MDM) enrolment for Entra registered devices because end-users does not really understand the prompt (“Allow my organization to manage my device”) they may receive when sign-in on applications.
To avoid such unintentional enrollment, Intune now allows administrators to disable MDM enrollment (applying only to Entra registered devices).
To disable automatic enrolment, access your Intune portal (Dashboard – Microsoft Intune admin center) to access the Devices\Device onboarding\Enrollment blade to reach the Automatic Enrollment option
There turn the “Disable MDM enrollment when adding work or school account on Windows” option
NOTE this feature is currently in preview
As result, the above “Allow your organization to manage your device” prompt will be skipped.