Skip to main content

How To Configure Intune Device Enrollment Restrictions

 In this post, I will show you how to create and configure Intune device enrollment restrictions. Device Enrollment restrictions in Intune define what devices can enroll into management with Endpoint Manager.

https://directory6.org/listing/external-hard-drive-356330

With Intune, you can manage different types of devices. Intune Device restriction policies control a wide range of settings and features of mobile devices (iOS, Android, macOS, and Windows 11).

http://blog.pucp.edu.pe/blog/comprensionlectora5/2022/06/13/impact-of-our-food-consumption-on-our-environment/

As an Intune administrator, you can create and manage enrollment restrictions that define what devices can enroll into management with Intune which include:

  • A number of devices.
  • Operating systems and versions.

When you create a new restriction, it takes priority over the default policy. The priority level determines which policy gets applied when a group is targeted with multiple restrictions. You can also edit the enrollment restrictions after you create them.


In the next section, we will understand what are enrollment restrictions in Intune, and the types of enrollment restrictions. We will see how to configure the device limit and device platform restrictions in Intune.


What are Device Enrollment Restrictions in Intune?


Enrollment restrictions block Intune enrollment on devices that fall short of your device requirements. With Enrollment restrictions, you can define what devices can enroll into Intune for management. You can also prevent people from enrolling personal devices in Intune.


With enrollment restrictions, you can define who can enroll personal devices and restrict other users in Intune. For example, you may allow your IT team permission to enroll personal devices while everyone else cannot.

Types of Intune Device Enrollment Restrictions


There are two types of device enrollment restrictions available in Intune:

  • Device Platform Enrollment Restriction
  • Device Limit Enrollment Restriction

Both the device enrollment restrictions are available in Microsoft Endpoint manager Admin Center > Devices. You can configure the Intune enrollment restrictions to override the default ones.


In the Intune portal, the default restrictions are automatically provided for both device type and device limit enrollment restrictions.


You can change the options for the defaults. Default restrictions apply to all user and userless enrollments. You can override these defaults by creating new restrictions with higher priorities.

Difference between Device Platform Restrictions vs. Device Limit Restrictions

There is a major difference between device platform restrictions and device limit restrictions. The Device limit restrictions will let you restrict the number of devices allowed to enroll whereas Device platform restrictions let you restrict device platforms, OS versions, and personally owned devices.

Device type restrictions allow you to control enrollment rights based on the device itself type such as Android, iOS, macOS, Windows, ownership, operating system and version, and manufacturer.


Note that some of these values are only supported on certain types of devices. For example, macOS does not support restrictions based on OS version, and only Android enrollment can be controlled by the manufacturer.

The Intune device limit restrictions set the maximum number of devices that a user can control (the maximum setting is 15).


Create Device Platform Restriction in Intune


In Intune, you can configure device platform restrictions for the following device types:

  1. Android restrictions
  2. Windows restrictions
  3. macOS restrictions
  4. iOS restrictions

These restrictions don’t affect devices that have already been enrolled. Only
Let’s create a new enrollment device platform restriction in Intune:

  • Sign in to the Microsoft Endpoint Manager admin center.
  • Go to Devices > Enrollment device platform restrictions.
  • Select a restriction type that corresponds with the platform you’re configuring and click Create Restriction.
  • On the Basics page, specify the restriction name, and an optional description. Click Next.
  • On the Platform settings page, configure the restrictions for your selected platform. For example, if you had selected Windows Restrictions in the initial step, you get to Allow or Block MDM, Block personally owned devices. Configure the settings based on your requirements and click Next.
  • You may add scope tags to the restriction. Click Next.
  • On the Assignments page, select Add groups and then use the search box to find and select groups. To assign the restriction to all device users, select Add all users.
  • On the Review+Create page, review all the settings for device platform enrollment restrictions and click Create.
  • This completes the steps to create an enrollment device platform restrictions in Intune. You should see a notification about the creation of platform restrictions in the top-right corner of the Endpoint admin center console.

Labels:

Comments

Post a Comment

Popular posts from this blog

10 of the latest Microsoft Teams integrations to help you work smarter, not harder

We built Microsoft Teams as a platform to bring together all of your workplace tools, apps, and services—whether or not we built them—to allow you to deliver better workday flow for you and your employees. A lot of you recognize the power of Teams, and you’ve been asking how to use Teams to its full advantage. Look no further. Today, we’re sharing ten of the latest Teams integrations you can use every day to simplify workflows, refocus your attention, and get back to working smarter—not harder. This is something our CEO, Satya Nadella, recently addressed in his interview on the future of communication at work with the Wall Street Journal. http://www.kadimkrallik.com/forum/thread-49637-post-77336.html#pid77336 http://forum.mukhronus.com/thread-67277.html https://pozyczkaforum.pl/thread-145665.html https://www.netmaid.com.sg/forums/showthread.php?tid=1504&pid=3947#pid3947 https://forum.armdevelopers.com/thread-18108.html Ten of the latest integrations to try in Teams These ten integr
Post a Comment
Read more

Best Ways to Clear Clipboard History in Windows 11

 In this article, I will cover different methods to clear Clipboard history in Windows 11. The Windows 11 clipboard is a special place in the computer’s memory that stores everything you copy. When you copy content on your Windows 11 PC, it’s automatically copied to your clipboard for you to paste. Windows 11 Clipboard is a very useful feature but most Windows 11 PC users are unaware of Clipboard functionality. You can paste multiple items from your clipboard history. In addition, you can also pin the items you tend to use all the time and sync your clipboard history to the cloud. On Windows 11 PC, you can launch the clipboard using the Windows+V shortcut key. The Clipboard data shows the history of items that you have copied on a Windows 11 PC. http://www.nometoqueslashelveticas.com/2010/04/la-aspirina-se-anuncia-con-graffitis.html?m=0 https://www.iloveitallwithmonikawright.com/2010/12/get-ready.html You can pin an item if it’s important and used frequently, and you can even delete an
Post a Comment
Read more

Design your remote work culture with Microsoft Teams apps

Microsoft Teams is best known for group channels, chat conversations, meetings, and calendars all in one place, making team collaboration easier within a unified hub. But beyond this - by providing many ways that apps can integrate, Microsoft Teams is designed to be highly tailored. It can become a customized digital home for your team, well suited for remote work scenarios. Many teams are now fully working remotely. As they adapt, it’s important to keep experimenting in customizing the mix of communication styles and applications to find the right balance for your team. https://www.mazdaspeed.pl/forum/viewtopic.php?t=101428 Many of the app integrations for Microsoft Team focus on connecting with the apps you’re already using, like ADP or Adobe Creative Cloud. As you design and iterate on remote working to further keep your team culture together and integrated, many solutions within the Microsoft Teams Store are specifically designed to help keep teams working together. https:/
Post a Comment
Read more