Skip to main content

How To Configure Intune Device Enrollment Restrictions

 In this post, I will show you how to create and configure Intune device enrollment restrictions. Device Enrollment restrictions in Intune define what devices can enroll into management with Endpoint Manager.

https://directory6.org/listing/external-hard-drive-356330

With Intune, you can manage different types of devices. Intune Device restriction policies control a wide range of settings and features of mobile devices (iOS, Android, macOS, and Windows 11).

http://blog.pucp.edu.pe/blog/comprensionlectora5/2022/06/13/impact-of-our-food-consumption-on-our-environment/

As an Intune administrator, you can create and manage enrollment restrictions that define what devices can enroll into management with Intune which include:

  • A number of devices.
  • Operating systems and versions.

When you create a new restriction, it takes priority over the default policy. The priority level determines which policy gets applied when a group is targeted with multiple restrictions. You can also edit the enrollment restrictions after you create them.


In the next section, we will understand what are enrollment restrictions in Intune, and the types of enrollment restrictions. We will see how to configure the device limit and device platform restrictions in Intune.


What are Device Enrollment Restrictions in Intune?


Enrollment restrictions block Intune enrollment on devices that fall short of your device requirements. With Enrollment restrictions, you can define what devices can enroll into Intune for management. You can also prevent people from enrolling personal devices in Intune.


With enrollment restrictions, you can define who can enroll personal devices and restrict other users in Intune. For example, you may allow your IT team permission to enroll personal devices while everyone else cannot.

Types of Intune Device Enrollment Restrictions


There are two types of device enrollment restrictions available in Intune:

  • Device Platform Enrollment Restriction
  • Device Limit Enrollment Restriction

Both the device enrollment restrictions are available in Microsoft Endpoint manager Admin Center > Devices. You can configure the Intune enrollment restrictions to override the default ones.


In the Intune portal, the default restrictions are automatically provided for both device type and device limit enrollment restrictions.


You can change the options for the defaults. Default restrictions apply to all user and userless enrollments. You can override these defaults by creating new restrictions with higher priorities.

Difference between Device Platform Restrictions vs. Device Limit Restrictions

There is a major difference between device platform restrictions and device limit restrictions. The Device limit restrictions will let you restrict the number of devices allowed to enroll whereas Device platform restrictions let you restrict device platforms, OS versions, and personally owned devices.

Device type restrictions allow you to control enrollment rights based on the device itself type such as Android, iOS, macOS, Windows, ownership, operating system and version, and manufacturer.


Note that some of these values are only supported on certain types of devices. For example, macOS does not support restrictions based on OS version, and only Android enrollment can be controlled by the manufacturer.

The Intune device limit restrictions set the maximum number of devices that a user can control (the maximum setting is 15).


Create Device Platform Restriction in Intune


In Intune, you can configure device platform restrictions for the following device types:

  1. Android restrictions
  2. Windows restrictions
  3. macOS restrictions
  4. iOS restrictions

These restrictions don’t affect devices that have already been enrolled. Only
Let’s create a new enrollment device platform restriction in Intune:

  • Sign in to the Microsoft Endpoint Manager admin center.
  • Go to Devices > Enrollment device platform restrictions.
  • Select a restriction type that corresponds with the platform you’re configuring and click Create Restriction.
  • On the Basics page, specify the restriction name, and an optional description. Click Next.
  • On the Platform settings page, configure the restrictions for your selected platform. For example, if you had selected Windows Restrictions in the initial step, you get to Allow or Block MDM, Block personally owned devices. Configure the settings based on your requirements and click Next.
  • You may add scope tags to the restriction. Click Next.
  • On the Assignments page, select Add groups and then use the search box to find and select groups. To assign the restriction to all device users, select Add all users.
  • On the Review+Create page, review all the settings for device platform enrollment restrictions and click Create.
  • This completes the steps to create an enrollment device platform restrictions in Intune. You should see a notification about the creation of platform restrictions in the top-right corner of the Endpoint admin center console.

Labels:

Comments

Post a Comment

Popular posts from this blog

Best Ways to Clear Clipboard History in Windows 11

 In this article, I will cover different methods to clear Clipboard history in Windows 11. The Windows 11 clipboard is a special place in the computer’s memory that stores everything you copy. When you copy content on your Windows 11 PC, it’s automatically copied to your clipboard for you to paste. Windows 11 Clipboard is a very useful feature but most Windows 11 PC users are unaware of Clipboard functionality. You can paste multiple items from your clipboard history. In addition, you can also pin the items you tend to use all the time and sync your clipboard history to the cloud. On Windows 11 PC, you can launch the clipboard using the Windows+V shortcut key. The Clipboard data shows the history of items that you have copied on a Windows 11 PC. http://www.nometoqueslashelveticas.com/2010/04/la-aspirina-se-anuncia-con-graffitis.html?m=0 https://www.iloveitallwithmonikawright.com/2010/12/get-ready.html You can pin an item if it’s important and used frequently, and you can even delet...
Post a Comment
Read more

New research highlights massive opportunity to empower Firstline Workers with technology

As companies around the world digitally transform their business models, operations, and corporate cultures, many have rolled out cloud and mobile technologies that have also transformed the employee experience. For information workers, technology has created a more networked and open flow of information, made collaboration easier, and provided more flexibility in where, when, and how they work. http://manevialem.com/thread-198611.html https://www.ironvolk.com/Forum/showthread.php?tid=73849 But there’s another large and important segment of the workforce that has been underserved by technology to date. These are the more than two billion Firstline Workers worldwide, who work in roles that make them the first point of contact between a company and its customers or products. Firstline Workers comprise the majority of the global workforce and play a critical role in the global economy. https://nedds24.pl/showthread.php?tid=1765 https://forums.empressflyff.com/showthread.php?tid=74443 http...
Post a Comment
Read more

Best password managers

 We are terrible at passwords. We still suck at creating them (two of the most-used passwords remain “123456” and “password”), we share them way too freely, and we forget them all the time. Indeed, the very thing that can ensure our online security has become our biggest obstacle to it. This is what makes a good password manager essential. http://weebbun.com/showthread.php?tid=226750 https://nvexotics.com/showthread.php?tid=8304 https://nftllamas.com/showthread.php?tid=100 https://forum.3dservers.com.br/showthread.php?tid=126 https://livegigs.org/forum/showthread.php?tid=242 A password manager relieves the burden of thinking up and memorizing unique, complex logins—the hallmark of a secure password. It allows you to safely share those logins with others when necessary. And because these tools encrypt your login info in a virtual vault—either locally or in the cloud—and lock it with a single master password, they protect the passwords themselves. If you’re looking to up your securit...
Post a Comment
Read more