Monday, 6 April 2015

Microsoft Intune - restrict the number of devices a user can enroll

EMS Landing page

March was another great month for updates to Microsoft Intune. See the Team Blog for full details.
  • Ability to streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP) 
  • Ability to restrict access to SharePoint Online and OneDrive for Business based upon device enrollment and compliance policies 
  • Management of OneDrive apps for iOS and Android devices
  • Ability to deploy .appx files to Windows Phone 8.1 devices
  • Ability to restrict the number of devices a user can enroll in Intune
Check out the last item on that list. This was a feature that I and several of my customers have been waiting for. Previously the only limit that was imposed was that a user could enroll 5 devices. This was more a licensing limitation than something an administrator could control. Now we can control this. Let's see what it looks like.



In the Intune Portal navigate to Administration > Mobile Device Management > Enrollment Rules.


5 is the default Device Cap (defined by licensing). See that we can now choose any number we like under 5.


I want to see what the client behaviour will be like so I will choose a Device Cap of 1 for the moment.


See Tom has already enrolled a device. He shouldn't be allowed to enroll another.


OK. Let's get Tom to try to enroll another device (an Android tablet).


As expected he can't. See that he can "Email diagnostic information to the IT Admin". Let's check that box and see what happens.


Log files are created and can be emailed to your IT contact (I've sent this email using web mail).


See that the log files have been delivered.


The CompanyPortal.log file has a lot of errors and information for the IT Admin.


See the OMADMLog.log file. It tells us the a "device admin request" has been declined for that user.


OK. Let's get back to Tom. He can't enroll his device so we better raise the Device Cap again. We'll leave it at the default 5.


Tom tries to enroll his second device..........


...... and he is successful this time.






4 comments:

  1. What if user already enrolled 5 devices? Any device stop working or we have to remove manually.
    Amir

    ReplyDelete
  2. That's a very good question and I was wondering myself. I cannot find any documentation on it and will test shortly.

    ReplyDelete
  3. is this setting set global or can it set for each user?

    ReplyDelete
    Replies
    1. Unfortunately it's all or nothing Patrick. It would be good if you could create a policy with this setting and apply it to a group of users.

      Delete