Restrict Enrollment to a Group

Iron Contributor
Hi All

Is there any way to restrict enrollment to a group?
Info appreciated
6 Replies

Hey @StuartK73,

 

you can restrict the MDM user scope to a AAD group:

 

AAD-MDM.pngMDM-user-scope.png

 

This way only users in that AAD groups can enroll into MDM (Intune).

 

best,

Oliver

@StuartK73 

 

You can also restrict by creating new restriction policy under enrollment restrictions: 

 

Capture.JPGCapture2.JPG

@Moe_Kinani 

 

Yes, that's the method I'm using.

 

Do you know what the UX is here? Especially if the device is an iOS DEP / Supervised one?

 

Client is expecting the device to stay in Single App Mode if a user outwith the enrollment group tries to enroll.

 

Info appreciated

I would recommend use the policy without single app mode, as I didn’t have great experience with Single App mode.

Haven’t test it but expect this what happens with Single app mode:

You will boot the device to Portal app, you enter user and password, then you get message that you can’t enroll then you get stuck.

Curious to know your experience with single app mode, thanks Stuart!
Hi Buddy
.Single App Mode is client requirement and MUST be used.

What I'm looking for clarification on is the user experience on entering the WRONG credentials or credentials of a user outside of the assigned groups.

Stuart
I think the user will be stuck on the portal app and can’t navigate to anything else.

Moe