Restrict Enrollment to a Group

Question

Hi AllIs there any way to restrict enrollment to a group?Info appreciated

oliver kieselbach · Answer

Hey&nbsp;StuartK73,
&nbsp;
you can restrict the MDM user scope to a AAD group:
&nbsp;

&nbsp;
This way only users in that AAD groups can enroll into MDM (Intune).
&nbsp;
best,
Oliver

moe_kinani · Answer

StuartK73&nbsp;&nbsp;You can also restrict by creating new restriction policy under enrollment restrictions:&nbsp;&nbsp;

stuartk73 · Answer

Moe_Kinani&nbsp;&nbsp;Yes, that's the method I'm using.&nbsp;Do you know what the UX is here? Especially if the device is an iOS DEP / Supervised one?&nbsp;Client is expecting the device to stay in Single App Mode if a user outwith the enrollment group tries to enroll.&nbsp;Info appreciated

moe_kinani · Answer

I would recommend use the policy without single app mode, as I didn’t have great experience with Single App mode.

Haven’t test it but expect this what happens with Single app mode:

You will boot the device to Portal app, you enter user and password, then you get message that you can’t enroll then you get stuck.

Curious to know your experience with single app mode, thanks Stuart!

stuartk73 · Answer

Hi Buddy.Single App Mode is client requirement and MUST be used.What I'm looking for clarification on is the user experience on entering the WRONG credentials or credentials of a user outside of the assigned groups.Stuart

Forum Discussion

Restrict Enrollment to a Group

6 Replies