drivesafely
Iron Contributor
Dec 10, 2024

Guidance on Intune MDM/MAM Setup

Hello All,  

We are implementing Intune for MDM and MAM on iOS and Android devices.  

If a user (with an Entra account) has two devices, one corporate-owned and one personal, then how can we ensure that:  
1. The corporate device is enrolled as MDM.  
2. The personal device is enrolled as MAM.  

Additionally, is it possible to block all device enrollments by default and only allow devices to enroll via serial/IMEI numbers using a policy?  

Thanks

3 Replies

  • Ankido
    Iron Contributor

    Hi DriveSafely,

    You mentioned earlier that you are using both MDM and MAM to enroll corporate devices and BYOD. If you want to ensure that a device is enrolled in MDM or MAM, follow these steps:

    1. Navigate to Entra ID > Manage > Devices > All devices > Add filter > MDM. You should see whether the user is enrolled in MDM or MAM.

    1. If you want to restrict enrollment by groups – for example, only allowing users with an Intune license based on a dynamic group, or blocking users from enrolling entirely, follow these steps:
      • Within Microsoft Entra ID, expand Settings and click on Mobility.
      • Within the Mobility portal, click Microsoft Intune, and you should see all settings.
    2. You can also restrict the number of devices a user can enroll by following these steps:
      • Navigate to Intune > Devices > Enrollment > Enrollment device limit restriction, and specify the desired limit.
    3. Finally, you can create Enrollment Restrictions as shown below.

    I hope this resolves the issue. Feel free to reach out to me if you need further assistance.

    • drivesafely
      Iron Contributor

      Hello Ankido 

      Thanks for your response.

      With regard to blocking devices from enrolling, I meant that we do not want everyone to enroll a device unless it is kind of allowed in Intune, say based on IMEI or serial no.

      • Ankido
        Iron Contributor

        Based on my experience, there isn't a specific policy or button to block devices that haven't registered a hardware hash or IMEI. However, you can restrict the number of devices and IMEIs per user as I have demonstrated. This approach allows you to have more control over all devices, and if someone needs to enroll additional devices, you can simply create or modify the restrictions.🤗
