Enrollment restrictions let you fine-tune the enrollment parameters you want to apply to your deployment. When deciding which enrollment restrictions you might use, consider the following.

Consideration #1: Will You Restrict Specific Platforms, OS Versions, or Maximum Number of Allowed Devices?

  • Do you want to support only those devices that feature built-in enterprise management – such as Samsung SAFE/Knox, HTC Sense, LG Enterprise, and Motorola devices? If so, you can require that Android devices have a supported enterprise version as an enrollment restriction.
  • Do you want to limit the maximum devices that a user is allowed to enroll? If so, you can set this amount, including distinguishing between corporate owned and employee owned devices.
  • Are there certain platforms you do not support in your deployment? If so, you can create a list of blocked device platforms that prevent them from enrolling.

Your organization must evaluate the number and kinds of devices your employees own. They must also determine which ones they want to use in your work environment. After this work is complete, you can save these enrollment restrictions as a policy.

Consideration #2: Will You Restrict Enrollment to a Set List of Corporate Devices?

Additional registration options provide control of the devices that end users are allowed to enroll. Useful to accommodate BYOD deployments, you can prevent the enrollment of denylisted devices or restrict the enrollment to only allowlisted devices. You can allowlist devices by type, platform, or specific device IDs and serial numbers. For more information, see Add a Denylisted or Allowlisted Device.

Consideration #3: Will You Restrict the Number of Enrolled Devices Per Organization Group?

You can apply a limit on the number of enrolled devices to an organization group (OG). Imposing such a limit helps you manage your deployment by preventing you from exceeding the number of valid enrollments. For more information, see Enrolled Device Limit Per Organization Group.