Tech Community Live: Microsoft Intune
Jun 22 2023, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Restrict device enrollment for some users

Occasional Contributor

We have AD with Azure AD connect.
We use Intune MDM/MAM and auto-enroll Windows 10 devices, iOS and Android.
All users have the EMS license.

We are requesting a way to restrict the Intune enrollment for some users (not all) to only have one device.
Is there a way?

Im trying to think out a way with Conditional Access and Dynamic groups but I dont get it all the way.

We can go the other way around, restrict all users to only be able to register one device (this is easy). Then allow some users to register more.

Grateful for any tip or a nice complete solution

7 Replies
best response confirmed by Fredrik Carenborn (Occasional Contributor)

Hi Fredrik,


this is possible with "group-assigned enrollment restrictions". 

See Intune announcement "Week of November 27, 2017" here:

So it's announced back in November but it's still in rollout (all my tenants do not have the feature available yet). So your tenant might not see the feature at the moment. Be patient and wait for it, it will exactly address your needs.




That is great news. Altough I haven't seen it in our tenant yet. 
Device Restriction.PNG


Is there a way to speed-up the "upgrade" ?

No there is no way, you have to be patient. You need to wait until global rollout is finished.




FYI: my tenant got updated and has enrollment restrictions now available...



Ok. Still nothing at our tenant. Im placed at northen europe, Sweden.

We are in west europe, tenant pprobably Amsterdam or Ireland.

Ok I got it now in my tenant :D