Intune lets the IT admin manage company’s workforce’s devices and apps and how users access company data. To use this mobile device management (MDM), the devices must first be enrolled in the Intune service. When a device is enrolled, it is issued a MDM certificate that is used to communicate with the Intune service.
Default Enrollment Restrictions
By default, everyone can enrol a maximum of 5 devices of any supported platform. If you want to control the maximum number of devices a user can enrol or limit what platform users can enrol, you need to manage the default Enrollment restrictions.
To configure the Enrollment restrictions, perform the following steps on a computer connected to the internet:
- Open a browser and navigate to https://devicemanagement.portal.azure.com
- click Devices, Enroll devices and then Enrollment restrictions
- On Enroll devices | Enrollment restrictions, click “All users” under Device Type Restrictions
- On All Users, click Properties
- On All Users | Properties, click Edit next to Platform settings
- On Edit restrictions you can configure the settings for the platform you want to allow or block the enrollment, including definition of versions and personally owner devices. Once you have made the changes, click Review + Save and after that click Save
Note: Intune classifies devices as personally-owned by default. We will be discussing Corporate devices in the future.
- Navigage back to the Enroll devices | Enrollment restrictions, click “All users” under Device Limit Restrictions
- On All Users, click Properties
- On All Users | Properties, click Edit next to Device limit
- On Edit restrictions, change the maximum number of devices a user can enrol and click Review + Save and then Save
Note: This restriction does not apply to Device enrolment managers
Adding Enrollment Restrictions
Sometimes it is required to have different restrictions per group of users. A example would be when the company only support Android devices, but for Directors, it allow the use of iPhone/iPad devices.
To configure add a new Enrollment restrictions, perform the following steps on a computer connected to the internet:
- Open a browser and navigate to https://devicemanagement.portal.azure.com
- click Devices, Enroll devices and then Enrollment restrictions
- On Enroll devices | Enrollment restrictions, click Create restriction and then select the restriction type
- On Create restriction, type a Name and description and click Next
- If creating a Device type restriction, configure the platform settings and click next
- if creating a Device limit restriction, configure the device limit and click next
- In the scope tags, add any scope tag necessary and click Next
Note: We will talk about scope tag in a future post
- In the assignment, select the groups you want to assign the restriction to and then click Next
- On Review + create, click Create
- Back to the Enroll devices | Enrollment restrictions, the new restriction will appear in the list
Assign Enrollment Restrictions
From time to time, you may want to remove or add extra groups to the list of users allowed to use the restrictions.
To assign an Enrollment restriction, perform the following steps on a computer connected to the internet:
- Open a browser and navigate to https://devicemanagement.portal.azure.com
- click Devices, Enroll devices and then Enrollment restrictions
- On Enroll devices | Enrollment restrictions, click the 3 dots next to the restriction you want to Assign and click Assign
- On Edit restrictions, remove assignment by clicking on Remove or add new assignment by clicking on + Select groups to include
- Once done, click Review + Save and then Save
Deleting Enrollment Restrictions
When an Enrollment restriction is no longer required, you may want to delete it.
To delete an Enrollment restriction, perform the following steps on a computer connected to the internet:
- Open a browser and navigate to https://devicemanagement.portal.azure.com
- click Devices, Enroll devices and then Enrollment restrictions
- On Enroll devices | Enrollment restrictions, click the 3 dots next to the restriction you want to delete and click Delete
- On the warning Message, click Yes
Article originally published on LinkedIn.
