Cloud Infrastructure Enterprise Mobility + Security

Block personal Android devices from enrolling in Microsoft Intune

Block personal Android devices from enrolling in Microsoft Intune

Hello everyone,

In this post, I am going to discuss a scenario in which you can block personal android devices from enrolling into your Intune MDM. This is particularly useful if you only want to be able to fully manage corporate devices in your environment. The first step is to distinguish between corporate and personal. To do this you must obtain a list of either IMEI or Serial numbers for your corporate devices.

Next you need to login to the Device Management Portal. In Intune go to Device Enrollment > Corporate Device Identifiers. Here is where you add your serial or IMEI numbers. You can do this by either uploading a csv file or entering manually.


Once you have entered your corporate device indentifiers those devices are automatically enrolled as “Corporate Devices”. The next step is to block enrolment of personal devices. You can do this by navigating to Intune > Device Enrollment > Enrollment Restrictions.


Under Device Type Restrictions click on “Default” and then navigate to “Properties”. Under properties click “Configure Platforms” and next to android change the selection from “allow” to “block” for personally owned devices and click ok.


You have now successfully blocked personal android devices from being enrolled into Microsoft Intune.

About Author

Rezwanur Rahman

Rezwanur Rahman is the Microsoft Graph MVP, located in Innsbruck, Austria. He is the ex-Microsoft employee at Microsoft Bangladesh, and Microsoft Technical Support Lead for Microsoft 365 Global Support. He is a software engineer graduate and currently contributing technical knowledge on Microsoft Copilot and ChatGPT.

Leave a Reply

Your email address will not be published. Required fields are marked *