Merge pull request #7024 from CarHern/patch-13

PRMerger6 · web-flow · commit 35adb6583237 · 2022-07-08T10:18:50.000-07:00
further clarifying min/max OS version scenarios
diff --git a/memdocs/intune/enrollment/enrollment-restrictions-set.md b/memdocs/intune/enrollment/enrollment-restrictions-set.md
@@ -141,9 +141,13 @@ Intune also blocks personal devices using these enrollment methods:
     - **Platform** (Android only): Select **Allow** next to permitted platforms.    
     - **MDM** (Windows, macOS, and iOS/iPadOS): Select **Allow** next to permitted platforms.   
     - **Allow min/max range** (Android, Windows, iOS/iPadOS only): Enter the minimum and maximum OS versions allowed to enroll. Supported version formats include:  
-        - Android device administrator and Android Enterprise work profile support major.minor.rev.build.
-        - iOS/iPadOS supports major.minor.rev. Operating system versions don't apply to Apple devices that enroll with the Device Enrollment Program, Apple School Manager, or the Apple Configurator app.
-        - Windows supports major.minor.build.rev for Windows 10 and Windows 11 only.
+        - Windows supports major.minor.build.rev for Windows 10 and Windows 11 only.  
+        - Android device administrator and Android Enterprise work profile support major.minor.rev.build.  
+        - iOS/iPadOS supports major.minor.rev.  
+
+             > [!TIP]
+             > The min/max range isn't applicable to Apple devices that enroll with the Device Enrollment Program, Apple School Manager, or the Apple Configurator app. Although Intune doesn't block ADE enrollments that use Company Portal to authenticate, not meeting OS requirements impacts registration because devices can't create the Azure AD device record used to evaluate Conditional Access policies. You can tell that this is the case if a device user receives an error message that says "Couldn't map device record with a user" after they sign in to Company Portal.    
+        
     - **Personally-owned**: Select **Allow** to permit devices to enroll and operate as personal devices.  
     - **Device manufacturer**: Enter a comma-separated list of the manufacturers that you want to block.  
 
