Last year I wrote a blog on how to control what versions of operating systems you want to support via Microsoft Intune. So we can follow Microsoft on what Operating Systems they support with Intune, like Microsoft announced recently dropping support for Android 4.3 and lower and iOS version 8 and lower, or we are in control and decide ourselves what to support. Next to what I wrote about in the blog last year, Microsoft added more controls for us.
The Intune service already supported allowing or blocking the Android, iOS, MacOs and/or Windows platforms in general and for the Android, iOS and MacOs platforms also for Bring Your Own Devices. As from now we are able to control from what Operating System versions users are actually able to enroll into Microsoft Intune up front instead of by using the compliance policies.
Under Device Enrollment > Device restrictions in the Intune on Azure portal you are able to configure a minimum or maximum Operating System version for Android and iOS under platform configurations.
Setting the Maximum value for instance for iOS to 10.2.0 as a test will block a device that has iOS version 10.3.3 installed.
When trying to enroll the device in Intune with a device that has iOS version 10.3.3 installed will be locked with the message as shown below. In production you would most likely work with a minimum version of Android, iOS or MacOs.
The lesson is to stay in control so you are not actually managing for instance over thousands and thousands of different flavors of Android.