When integrating AirWatch with directory services, you can determine which users can enroll devices into your corporate deployment.

You can restrict enrollment to only known users or to configured groups. Known users are users that already exist in the AirWatch Console. Configured groups are users associated to directory service groups if you choose to integrate with user groups. You can also limit the number of devices enrolled per organization group and save restrictions as a reusable policy.

These options are available by navigating to Groups & Settings > All Settings > Devices & Users > General > Enrollment and choosing the Restrictions tab. The Restrictions tab allows you to customize enrollment restriction policies by organization group and user group roles.

  • Create and assign existing enrollment Restrictions policies using the Policy Settings.
  • Assign the policy to a user group under the Group Assignment Settings area.
  • Blacklist or whitelist devices by platform, operating system, UDID, IMEI, and so on.

For information about integrating your directory services groups with AirWatch, see Map Directory Services Group Information.


Restrictions do not apply for iOS devices enrolled through Apple's Device Enrollment Program (DEP), because the required device information is only received after the device has been enrolled.