Goal: Enroll the laptop in Intune, join Entra ID, and create a policy to block regedit.exe and notepad.exe for Eagle.Talon@HopTechOne.onmicrosoft.com (assigned to “NotepadDenyUsers” group), while allowing JohnHopkins@HopTechOne.onmicrosoft.com and LocalAdmin.
Tools: Firefox, LastPass, PowerShell 7.5.3, PsTools, Microsoft Graph module.
Challenges: AzureAdJoined: NO, Workplace Join conflicts, registry blocks on LocalAdmin, DNS propagation for HopTechOne.com.
Multiple issues. Everything from not wanting to join Azure AD to having to install Microsoft Graph.
Key Takeaway:
The free Azure trial has MANY hidden limitations that ate up time and caused hours of frustration. I shifted to a 30-day Microsoft 365 Business Premium trial (now being billed, but it’s worth it to continue learning), creating only two users: JohnHopkins (Global Admin) and Eagle.Talon (licensed user) to keep costs down.

