Understand Intune and Microsoft Entra device limit restrictions - Microsoft Intune (2024)

Table of Contents
In this article Intune device limit restrictions Microsoft Entra device limit Applicable scenarios Android and iOS devices iOS or Android devices example 1 iOS or Android devices example 2 Windows devices Windows 10/11 example 1 Windows 10/11 example 2 Next steps FAQs
  • Article

Applies to

  • Android
  • iOS
  • macOS
  • Windows 10
  • Windows 11

There are two ways to limit the number of devices an employee or student can use for work or school. You can:

  • Configure device limit restrictions in the Microsoft Intune admin center.
  • Configure a device limit in the Microsoft Entra admin center.

This article provides an overview of each limitation, and describes the device conditions and provisioning scenarios that support them.

See Also
Microsoft Intune Service DescriptionModernizing Microsoft's Internal Help Desk with ServiceNowLearn about using Windows Update for Business in Microsoft IntuneEnroll Device on Intune without Azure AD connect - Microsoft Q&A

Intune device limit restrictions

Configure Intune device limit restrictions to limit the number of devices a user can enroll in Microsoft Intune. You can allow a user to enroll up to 15 devices. To create a device limit restriction, sign in to the Microsoft Intune admin center and go to Devices > Enrollment. For more information, see Create a device limit restriction.

Intune device limit restrictions don't apply to devices enrolled via:

  • Android device administrator + device enrollment manager
  • Android Enterprise dedicated device
  • Co-management with Configuration Manager
  • Automatic enrollment + group policy
  • Automatic enrollment + device enrollment manager
  • Automatic enrollment + bulk device enrollment
  • Windows Autopilot

Devices enrolled via these methods are enrolled automatically or by an Intune admin, not by an employee or student, and are considered shared devices. Instead, you can apply the Microsoft Entra limit, where supported.

Microsoft Entra device limit

Configure the maximum number of devices per user in Microsoft Entra to limit the number of devices that can join or register with Microsoft Entra. To access this setting:

  1. Sign in to the Microsoft Entra admin center.
  2. Go to Identity > Devices > Device settings.

The limit applies to devices that are Microsoft Entra joined or Microsoft Entra registered, with some exceptions. It isn't applicable to Microsoft Entra hybrid joined devices, and devices enrolled via:

See Also
Robin Hobo

  • Android Enterprise dedicated device
  • Windows automatic enrollment + bulk device enrollment
  • Windows automatic enrollment + group policy

For more information about configuring these setting in Microsoft Entra ID, see Configure device settings.

Applicable scenarios

Use the following table to determine the type of limitations you can apply to devices.

PlatformDevice management solutionUser affinityDoes Microsoft Entra limitation apply?Does Intune limitation apply?
AndroidAndroid Enterprise personally owned work profileYesYesYes
AndroidAndroid Enterprise dedicated deviceNoNoNo
AndroidAndroid Enterprise fully managedYesYesYes
AndroidAndroid Enterprise corporate-owned work profileYesYesYes
AndroidAndroid device administratorYesYesYes
AndroidAndroid device administrator + device enrollment managerNoYesNo
iOS and macOSBYOD: Apple User EnrollmentYesYesYes
iOS and macOSBYOD: Apple Device EnrollmentYesYesYes
iOS and macOSApple Automated Device EnrollmentYesYesYes
Windows 10/11BYOD: User enrollmentYesYesYes
Windows 10/11Automatic enrollment + group policyNoNoNo
Windows 10/11Automatic enrollment + device enrollment managerNoYesNo
Windows 10/11Automatic enrollment + bulk device enrollmentNoNoNo
Windows 10/11Windows AutopilotYesYesNo
Windows 10/11Co-management with Configuration ManagerNoYesNo

Android and iOS devices

Important

Microsoft Intune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on August 30, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. If you currently use device administrator management, we recommend switching to another Android management option in Intune before support ends. For more information, read Ending support for Android device administrator on GMS devices.

iOS or Android devices example 1

  • The Microsoft Entra Maximum number of devices per user setting is set to 3.
  • The Intune Device limit setting is set to 5.

Outcome: You can enroll up to 3 devices, because the Microsoft Entra ID limits users to a maximum of 3 devices. If you try to enroll more than three devices in Intune, enrollment fails because the fourth device is blocked from registering in Microsoft Entra ID.

iOS or Android devices example 2

  • The Microsoft Entra Maximum number of devices per user setting is set to 20.
  • The Intune Device limit setting is set to 2.

Outcome: You can successfully register and enroll two devices. Intune enrollment will be blocked for any additional devices. The Microsoft Entra limit only applies to Apple automated device enrollment when devices are configured with user affinity.

Windows devices

Windows 10/11 example 1

  • The Microsoft Entra Maximum number of devices per user setting is set to 5.
  • The Intune Device limit setting is set to 3.
  • The devices are Microsoft Entra hybrid joined and enrolled automatically (GPO configured).

Outcome: Because the enrollment is provisioned by GPO, the Microsoft Entra device limit doesn't apply. The Intune device limit restriction also doesn't apply.

Windows 10/11 example 2

  • The Microsoft Entra Maximum number of devices per user setting is set to 5.
  • The Intune Device limit setting is set to 2.
  • The devices are local domain joined, and enrolled in the Settings app.

Outcome: You can only enroll two devices before they're blocked. You can register up to five devices.

Next steps

  • Create a device limit restriction in Azure.
  • Learn more about registration and domain joined.
Understand Intune and Microsoft Entra device limit restrictions - Microsoft Intune (2024)

FAQs

What is the limitation of Microsoft Intune? ›

Device Limit Restrictions

By default, a user can enroll up to 15 devices in Intune, but this limit can be adjusted as needed, ranging from 1 to 15, in the admin center. To set a device limit restriction, follow these steps: Sign in to the Microsoft Intune admin center. Navigate to Devices > Enrollment restrictions.

Get More Info
What is the Intune device limit? ›

You can allow a user to enroll up to 15 devices. To create a device limit restriction, sign in to the Microsoft Intune admin center and go to Devices > Enrollment. For more information, see Create a device limit restriction.

Continue Reading
What are the user enrollment limitations for Intune? ›

Create a device limit restriction
  • Sign in to the Microsoft Intune admin center.
  • Go to Devices > Enrollment.
  • Select the Windows, Apple, or Android tab.
  • Select Device limit restriction.
  • Choose Create restriction.
  • On the Basics page, give the restriction a Name and optional Description.

Read The Full Story
What are the two major categories of device restrictions while enrolling devices? ›

There are two types of device enrollment restrictions you can configure in Microsoft Intune:
  • Device platform restrictions: Restrict devices based on device platform, version, manufacturer, or ownership type.
  • Device limit restrictions: Restrict the number of devices a user can enroll in Intune.
Apr 2, 2024

Learn More Now
How do I increase my Intune device limit? ›

Sign in to the Microsoft Intune admin center. Go to Devices > Enrollment restrictions > Default (under Device limit restrictions) > Properties > Edit (next to Device limit) > increase the Device limit (maximum 15)> Review + Save.

Continue Reading
What are the challenges of Intune? ›

One of the primary challenges with Intune deployment is compatibility issues. This can include compatibility with the hardware, operating system, or software used by the organization. Organizations may not have the required expertise or resources to manage the deployment and configuration of Intune.

View More
How do I check my Intune device limit? ›

Sign in to the Microsoft Intune admin center. Go to Devices > Enrollment. Select the Windows, Apple, or Android tab. Select Device limit restriction.

Get More Info
What devices can be managed by Intune? ›

Intune supported operating systems
  • Android.
  • iOS/iPadOS.
  • Linux.
  • macOS.
  • Windows.
  • Chrome OS.
5 days ago

See Details
What happens when a device is removed from Intune? ›

The most important and direct effect of removing a user from Intune is that the user isn't able to access corporate data via that device. Besides that, that device is no longer available in the Company Portal app for the user, and the user isn't able to install any corporate apps on it.

Explore More
What happens when a device is enrolled in Intune? ›

Your device enrolls in Microsoft Intune, a mobile device management provider, and registers with your organization. This step ensures that you're authorized to access your organization's email, apps, and Wi-Fi. Your organization's device management policies are applied to your device.

View More

How do I check device enrollment status in Intune? ›

Windows
  1. Go to Windows Settings.
  2. Click on Accounts.
  3. Click on Access work or school and look for one of these: This means that your computer is joined to Azure AD and enrolled in Intune. Click on it, and then click on Info. Scroll down and look for "The sync was successful" in the Device sync status section.
Nov 13, 2023

Find Out More
What is device restrictions? ›

Device Restriction limits access to approved devices in a secure network, ensuring compliance and data integrity.

Learn More Now
How do I set device restrictions? ›

Allow restricted settings
  1. On your Android device, open the Settings app.
  2. Tap Apps.
  3. Tap the app that you want to turn on a restricted setting for. Tip: If you can't find it, first tap See all apps or App info.
  4. Tap More. Allow restricted settings.
  5. Follow the on-screen instructions.

Read More
How does Intune know if a device is personal or corporate? ›

In this article

You can also set device restrictions to block enrollment by devices that aren't corporate-owned. At the time of enrollment, Intune automatically assigns corporate-owned status to devices that are: Enrolled with a device enrollment manager account (all platforms). Enrolled by using Google Zero Touch.

Keep Reading
Is Microsoft Intune good or bad? ›

A very useful MDM with its easy onboarding, management, monitoring, and security features. I have been working with Azure AD and Intune MDM for about 6 years, and I am so glad to use these great services for device, application and user management.

Read On
What is the advantage of using Intune? ›

One of the main advantages of using Microsoft Intune is its centralised control feature. With Intune, you have the ability to manage all your devices, including PCs, Macs, and mobile devices, from a cloud-based platform. This eliminates the need for any additional physical infrastructure. What does this mean for you?

Discover More Details
Which 3 features does Microsoft Intune support? ›

Microsoft Intune is a safe and secure cloud-based solution that gives IT administrators control over mobile devices, apps, and data. Intune offers multiple security features like device management, application management, data protection, and conditional access for your organization's devices and information.

Know More
What is the future of Microsoft Intune? ›

Starting June 1, 2024, we're making updates to improve the Intune mobile application management (MAM) service. This update will require iOS wrapped apps, iOS SDK integrated apps, and the Company Portal for Android to be updated to the latest versions to ensure applications stay secure and run smoothly.

Show Me More
Top Articles
Sweet Potato Casserole Recipe
Our Easy Casserole Recipes Are Just Right for Breakfast, Lunch, and Dinner
Planning for the community center’s future
BHSE Frequently Asked Questions | Bureau of Primary Health Care
Latest Posts
Maccheroni alla Chitarra with Ragù Abruzzese and Palottine Recipe | Cook the Book
24 St. Patrick's Day Recipes, From Corned Beef and Cabbage to Irish Soda Bread
Article information

Author: Sen. Emmett Berge

Last Updated:

Views: 5456

Rating: 5 / 5 (60 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Sen. Emmett Berge

Birthday: 1993-06-17

Address: 787 Elvis Divide, Port Brice, OH 24507-6802

Phone: +9779049645255

Job: Senior Healthcare Specialist

Hobby: Cycling, Model building, Kitesurfing, Origami, Lapidary, Dance, Basketball

Introduction: My name is Sen. Emmett Berge, I am a funny, vast, charming, courageous, enthusiastic, jolly, famous person who loves writing and wants to share my knowledge and understanding with you.