A denylist is an explicit listing of devices or apps that are not allowed. An allowlist is a listing of devices or apps that are only allowed. Apply this concept to registration and you can control which devices are allowed to enroll in Workspace ONE UEM powered by AirWatch.

For example, in a deployment of only corporate-owned devices, you can create an allowlist of approved iOS devices. You can base this list of devices by International Mobile Equipment Identity (IMEI), Serial Number, or Unique Device Identifier (UDID). This way, enrollment is restricted to only those devices you have identified and enrollment by employee personal devices can be prohibited.

In addition, if a device is lost or stolen, you can add its IMEI, Serial Number, or UDID information to a list of denylisted devices. Denylisting a device unenrolls the device, removes all MDM profiles, and prevents enrollment until you remove the denylist.

A user's registration record is updated with the device information after enrollment. When the device is unenrolled, any other user trying to enroll the same device is blocked from enrollment until the registration record for the previous user is deleted.