SOLVED
Home

Intune device enrollment only after approval from Admin.

%3CLINGO-SUB%20id%3D%22lingo-sub-296657%22%20slang%3D%22en-US%22%3EIntune%20device%20enrollment%20only%20after%20approval%20from%20Admin.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-296657%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20client%20wants%20to%20implement%20below%20scenario.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEvery%20time%20a%20user%20tries%20to%20enroll%26nbsp%3B%20device%20in%20intune%20%2C%26nbsp%3B%20intune%20admin%20will%20get%20a%20notification%20email%20with%20approval%20request.%20The%20admin%20should%20be%20able%20to%20approve%20or%20reject%20this%20request%20and%20the%20user%20should%20be%20able%20to%20enroll%20only%20after%20the%20admin%20approves%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELet%20me%20know%20if%20its%20possible%20if%20yes%20how%20to%20achieve%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-296657%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-296766%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20device%20enrollment%20only%20after%20approval%20from%20Admin.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-296766%22%20slang%3D%22en-US%22%3E%3CP%3ETo%20my%20knowledge%20this%20is%20not%20a%20feature%20of%20Intune%20and%20would%20be%20impossible%20to%20code%20without%20support%20from%20the%20Intune%20Product%20Engineering%20team%20because%20you%20would%20have%20to%20change%20the%20Company%20Portal%20app.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20are%20trying%20to%20stop%20un-authorised%20mobile%20devices%20from%20registering%20then%20I%20suggest%20that%20you%20do%20the%20following.%3C%2FP%3E%3CUL%3E%3CLI%3Eblock%20personal%20device%20enrollment%20using%20an%20enrollment%20restriction%3C%2FLI%3E%3CLI%3EWhen%20devices%20need%20to%20be%20enrolled%20then%20add%20the%20IMEI%20numbers%20of%20the%20devices%20to%20Intune%20as%20a%20corporate%20device%20identifier%3C%2FLI%3E%3CLI%3EBuild%20an%20automation%20workflow%20in%20your%20service%20management%20tool%20that%20allows%20new%20devices%20to%20be%20authorised%20by%20a%20human%20before%20the%20devices%20can%20be%20enrolled%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThis%20gives%20you%20the%20same%20outcome%20but%20does%20not%20involve%20wholesale%20re-engineering%20of%20the%20Company%20Portal%20app%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFYI%20these%20are%20links%20to%20the%20relevant%20documentation%20pages%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fenrollment-restrictions-set%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fenrollment-restrictions-set%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fcorporate-identifiers-add%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fcorporate-identifiers-add%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
VsolutionsIT
Occasional Visitor

Hi Team,

 

My client wants to implement below scenario.

 

Every time a user tries to enroll  device in intune ,  intune admin will get a notification email with approval request. The admin should be able to approve or reject this request and the user should be able to enroll only after the admin approves it.

 

Let me know if its possible if yes how to achieve it.

1 Reply
Solution

To my knowledge this is not a feature of Intune and would be impossible to code without support from the Intune Product Engineering team because you would have to change the Company Portal app.

 

If you are trying to stop un-authorised mobile devices from registering then I suggest that you do the following.

  • block personal device enrollment using an enrollment restriction
  • When devices need to be enrolled then add the IMEI numbers of the devices to Intune as a corporate device identifier
  • Build an automation workflow in your service management tool that allows new devices to be authorised by a human before the devices can be enrolled

This gives you the same outcome but does not involve wholesale re-engineering of the Company Portal app

 

FYI these are links to the relevant documentation pages

 

https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set

https://docs.microsoft.com/en-us/intune/corporate-identifiers-add

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies