Forum Discussion

VsolutionsIT's avatar
VsolutionsIT
Copper Contributor
Dec 06, 2018
Solved

Intune device enrollment only after approval from Admin.

Hi Team,

 

My client wants to implement below scenario.

 

Every time a user tries to enroll  device in intune ,  intune admin will get a notification email with approval request. The admin should be able to approve or reject this request and the user should be able to enroll only after the admin approves it.

 

Let me know if its possible if yes how to achieve it.

Intune
mobile device management (mdm)
  • Andrew Matthews's avatar
    Andrew Matthews
    Dec 06, 2018

    To my knowledge this is not a feature of Intune and would be impossible to code without support from the Intune Product Engineering team because you would have to change the Company Portal app.

     

    If you are trying to stop un-authorised mobile devices from registering then I suggest that you do the following.

    • block personal device enrollment using an enrollment restriction
    • When devices need to be enrolled then add the IMEI numbers of the devices to Intune as a corporate device identifier
    • Build an automation workflow in your service management tool that allows new devices to be authorised by a human before the devices can be enrolled

    This gives you the same outcome but does not involve wholesale re-engineering of the Company Portal app

     

    FYI these are links to the relevant documentation pages

     

    https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set

    https://docs.microsoft.com/en-us/intune/corporate-identifiers-add

     

1 Reply

  • Andrew Matthews's avatar
    Andrew Matthews
    Iron Contributor
    Dec 06, 2018

    To my knowledge this is not a feature of Intune and would be impossible to code without support from the Intune Product Engineering team because you would have to change the Company Portal app.

     

    If you are trying to stop un-authorised mobile devices from registering then I suggest that you do the following.

    • block personal device enrollment using an enrollment restriction
    • When devices need to be enrolled then add the IMEI numbers of the devices to Intune as a corporate device identifier
    • Build an automation workflow in your service management tool that allows new devices to be authorised by a human before the devices can be enrolled

    This gives you the same outcome but does not involve wholesale re-engineering of the Company Portal app

     

    FYI these are links to the relevant documentation pages

     

    https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set

    https://docs.microsoft.com/en-us/intune/corporate-identifiers-add