Enrollment restrictions allows you to provision enrollment such as restricting enrollment to known users, user groups, and number of enrolled devices allowed.
These options are available by navigating to and choosing the Restrictions tab allows you to customize enrollment restriction policies by organization group and user group roles.
You can create enrollment restrictions based on:
- Android manufacturer and model to ensure only approved devices are enrolled into Workspace ONE UEM.
Note: Some devices are manufactured by other vendors. You can create a policy with the actual manufacturer of the device for policies to come into effect.The following are some ways to identify the device manufacture:
- Navigate to the About page in device settings.
- With an adb command:
adb shell getprop | grep "manufacturer".
- Allow or deny devices by UDID, IMEI, and serial number.
Note: When enrolling Android 10 or later devices into Work Profile mode, the devices are held in a pending status until the UEM console is able to retrieve the IMEI or Serial Number from the the devices to see if they are allowed or denied. Until this is verified, the device will not be fully enrolled nor any work data sent until enrollment is complete.
For more information, see Create an Enrollment Restriction Policy
