Intune setting allow for auto enroll MAM but blocked MDM enrollment

Binh Nguyen · ‎Jul 09 2018

I am looking for some documentation that allow for MAM enrollment but disable MDM enrollment.

Is there any best practice such as setting I would need to follow.

Thanks.

Oliver Kieselbach · ‎Jul 25 2018

Hi Binh,

You can disable MDM enrollment of personal devices by using the Device Type Restrictions under:

Microsoft Intune > Device enrollment - Enrollment restrictions > All Users - Properties > Configure platforms and set the individual platforms to Block

This ends up that you are able to enroll into MAM as this is an AAD register of the device and not a MDM enrollment. As soon as an user tries to enroll via MDM (Company Portal) the action is blocked though this setting. A MDM enrollment would still be possible if the device will be registered before with Serial Number or IMEI under Corporate device identifiers.

best,

Oliver

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Intune setting allow for auto enroll MAM but blocked MDM enrollment

Intune setting allow for auto enroll MAM but blocked MDM enrollment

Re: Intune setting allow for auto enroll MAM but blocked MDM enrollment