When BYOD enrollment is blocked in the tenant, corporate Identifier allows the admin to enroll some specific personal devices in Microsoft Intune. Let me give you an example,
Assume you are blocking personal enrollment for all operating systems from the Platform restriction policy. However, there are some users you want to allow A specific personal device to enroll in Intune. Using Corporate Identifier you can whitelist a specific device and that device can enroll as a personal device either android or ios in Intune. At the same time, all other users/devices will be blocked from enrolling their personal devices in Intune.
You may put an argument, that, why not create another platform restriction policy for those users. Well, if you do, they can enroll any device they want with personal. But when you configure corporate Identifier, only a single device will be able to enroll if you specify the serial number or IMEI number in intune.
Prior to adding the serial or IMEI number, you must look at which operating system support which identifier.
Which Operating system support what Corporate Identifier
|Supported in some cases. See Important below.
|Android device administrator, before Android v10
|Android device administrator, Android v10 and later
|Android Enterprise personally-owned work profile, before Android 12
|Android Enterprise personally-owned work profile, Android 12 and later
|Android Enterprise corporate-owned work profile
|Android Enterprise fully managed
|Android Enterprise dedicated devices
As per Microsoft doc
Some Android and iOS/iPadOS devices have multiple IMEI numbers. Intune only reads one IMEI number per enrolled device. If you import an IMEI number but it is not the IMEI inventoried by Intune, the device is classified as a personal device instead of a corporate-owned device. If you import multiple IMEI numbers for a device, uninventoried numbers display Unknown for enrollment status.
Also note: Serial Numbers are the recommended form of identification for iOS/iPadOS devices. Android Serial numbers are not guaranteed to be unique or present. Check with your device supplier to understand if serial number is a reliable device ID. Serial numbers reported by the device to Intune might not match the displayed ID in the Android Settings/About menus on the device. Verify the type of serial number reported by the device manufacturer. Attempting to upload a file with serial numbers containing dots (.) will cause the upload to fail. Serial numbers with dots are not supported.
Now let’s take a look at the methods of adding devices to the corporate identifier
How to add devices to the Corporate Identifier?
There are two methods to enroll the device in Intune.
- With .csv File
In both methods, you have to enter the device serial number or IMEI number.
Add Device with .csv
- Sign in to the Microsoft Endpoint Manager admin center, choose Devices > Enroll devices > Corporate device identifiers > Add > Upload CSV
- In the Add identifiers blade, specify the identifier type: IMEI or Serial.
- Click the folder icon and navigate to the .csv file, and choose Add.
This .csv file when viewed in a text editor appears as:
This CSV file should contain the list of IMEI/Serial numbers you want devices to be whitelisted
Add Device Manually
- Sign in to the Microsoft Endpoint Manager admin center, choose Devices > Enroll devices > Corporate device identifiers > Add > Enter Manually
- Specify the identifier type: IMEI or Serial.
- Under “Identifer” tab enter the serial or IMEI number
- Click Add
So whenever you are in a situation where you want the specific device to be enrolled as personal and still keep the rest of the personal enrollment block, Corporate Identifier is the way to go.
If this article helps in any manner, don’t forget to vote and subscribe to our newsletter to stay up-to-date with our new articles.