We have a cloud-only setup using Azure AD + Intune to manage our organisation's windows devices, since all are remote workers/work from home.
I'm looking to remove the possibility for users to receive remote connections from anyone other than our IT team. Perhaps an unusual one, but in our small non-profit scenario its somewhat likely that users may consult their own local computer shops/IT support services to solve queries on their org devices. Obviously, this has the potential to be a security and data protection nightmare.
Is there any way of preventing users on Intune PCs from receiving any kind of remote support from anyone that isn't our IT team (teamviewer,etc)? It seems this could be kinda hard when we don't have the benefit of a domain group policy.