Forum Discussion

  • Thijs Lecomte's avatar
    Thijs Lecomte
    Bronze Contributor
    Hi Stuart

    First of all: what are you trying to accomplish exactly?

    Personal vs corporate devices:
    Corporate identifiers and enrollment restrictions are two different things and don't actually work together.

    Corporate identifiers change whether an ENROLLED device is seen as personal and corporate. This is a simple field that is being changed in Intune. Using that field you could create dynamic groups to deploy different policies to.

    Enrollment restrictions will say if personal devices can be enrolled? What is the difference between personal and corporate devices? Please check out this link: https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment#corporate-owned-device

    For example for IOS:
    - Devices enrolled through the company portal are personal
    - Devices enrolled through DEP are corporate

    Even if you have set-up corp identifiers to identify a device as corporate. If you enroll it through the company portal. it will always fail because it is a personal enrollment method. Corp identifiers only work after enrollment.

    If you want to secure data from the device on corporate/personal devices, I would recommend looking into app protection policies and conditional access.

    Feel free to reach out with more requests!

Resources