[Feature Request]: Entra ID Lockdown for Enrolment

[Adzino1]

Please confirm:

• I have searched existing feature requests (open and closed) and found no duplicates.
• **me or my organization is currently an active sponsor of the product at the $99,- level.

Problem Statement

We'd like to adjust the below settings within CIPP settings or Standards (likely a standard would work best)

"Users may join devices to Microsoft Entra" > Admins only
"Registering user is added as local administrator on the device during Microsoft Entra join (Preview)" > Disabled
"Restrict users from recovering the BitLocker key(s) for their owned devices" > Yes

Benefits for MSPs

More control of the settings and can be defaulted across their clients.

Value or Importance

Important and a good nice to have.

PowerShell Commands (Optional)

1. Restrict device join to admins only

Write-Host "Setting: Only admins can join devices to Microsoft Entra..."

Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{

AllowedToJoinDevices = $false

}

2. Disable local admin rights for registering user during Entra join

Write-Host "Disabling local admin rights for registering users..."

Update-MgPolicyDeviceRegistrationPolicy -LocalAdminEnabled $false

[github-actions]

Hello,

Thank you for your interest in improving CIPP!
To keep our development process focused and manageable, feature requests are limited to paying users. This policy helps us prioritize improvements that directly benefit those actively supporting CIPP and ensures we can sustain our development and support.

When a sponsor makes a feature request, their support covers training, development, documentation, and security checks. Allowing non-sponsor requests could lead to a backlog that slows down updates and stretches resources thin, ultimately affecting the quality and sustainability of CIPP.

While we’ve closed this request, we appreciate your input. You’re always welcome to participate in ongoing discussions or contribute to open issues. If you are a developer, feel free to open a PR that includes your feature request or comment "I’d like to work on this!" to assign the issue to yourself.

Did you get this notification in error? Reply with a screenshot of your sponsorship payment and we’ll reopen the issue.

Thank you for understanding,
The CIPP Team