Managing Device Addition Limits in Intune
If you are an AD administrator, you're likely aware that Active Directory (AD) typically limits users to adding 10 devices to a domain by default. For Azure AD, the default limit is higher, maxing out at 50 devices per user. Domain admins and global administrators are usually exempt from these limitations. However, there may be situations where you need to allow lower-level IT staff or other personnel to add more devices than the default limit allows, or you may need to modify the device limit or restrict it further for Azure AD users.
To modify the restriction in on-prem AD, there is no Group Policy setting for it. Instead you have to:
- Use Active Directory Users and Computers and right-click on the domain name at the top
- Select Properties and go to the Attribute Editor tab.
- Find the ms-DS-MachineAccountQuota attribute and change its value to the desired number of devices.
In the example below, I have raised the number to 20.
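The same change can be made and checked from PowerShell. The script below is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed and that the account running it may edit the domain head object. Besides setting the quota to 20 as above, it lists how many machine accounts each non-admin user has created, which is the number the quota actually counts against (AD records the creator's SID in mS-DS-CreatorSID on computer objects joined under the quota).

```powershell
# Added example (not from the original post): read, change and audit ms-DS-MachineAccountQuota
# with the ActiveDirectory module instead of the ADUC Attribute Editor.
# Assumes the RSAT ActiveDirectory module is installed and the caller can edit the domain head.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# Read the current quota (the default is 10).
$current = (Get-ADObject -Identity $domainDN -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
Write-Host "Current ms-DS-MachineAccountQuota on $($domain.DNSRoot): $current"

# Raise it to 20, as in the post's example. A value of 0 stops ordinary users from joining devices at all.
$newQuota = 20
Set-ADObject -Identity $domainDN -Replace @{ 'ms-DS-MachineAccountQuota' = $newQuota }
Write-Host "ms-DS-MachineAccountQuota set to $newQuota"

# Audit: computer objects created by non-admin users under the quota carry the creator's SID
# in mS-DS-CreatorSID. Grouping by that SID shows who is close to the limit.
Get-ADComputer -Filter { 'mS-DS-CreatorSID' -like '*' } -Properties 'mS-DS-CreatorSID' |
    Group-Object { $_.'mS-DS-CreatorSID'.Value } |
    Sort-Object Count -Descending |
    ForEach-Object {
        $sid = $_.Name
        # Translate the SID to DOMAIN\user where possible; fall back to the raw SID for deleted accounts.
        try   { $who = (New-Object System.Security.Principal.SecurityIdentifier $sid).Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid }
        [pscustomobject]@{ Creator = $who; MachineAccounts = $_.Count; Quota = $newQuota }
    } | Format-Table -AutoSize
```

Run the read and audit parts first on their own if you only want to see where the domain stands; the Set-ADObject line is the only one that writes.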
Restricting Ordinary Users to 15 Devices or Less for Azure
If you want to limit the number of device enrollments for ordinary users in Azure AD, you can do so using Microsoft Intune. Here's how to set up device enrollment restrictions:
- Access the Microsoft Intune Admin Center
- Navigate to either:
  - Devices > Enrollment restrictions, or
  - Devices > Windows > Enrollment restrictions
- Click on "Device limit restrictions"
- Select "Create restriction"
- In the settings, you can choose a limit between 1 and 15 devices per user as shown below:
Then complete the policy by assigning the groups or users to it and finish out the wizard. If you want to make the restriction greater than 15, you will have to do so using the Microsoft Entra Admin Center and navigate to Devices > Device Settings. The available options are shown in the screenshot below.
Windows Autopilot
For large organizations, school systems implementing one-to-one device programs for students, or companies with numerous remote workers, Windows Autopilot offers a more efficient alternative to manually adding devices to Azure. This cloud-based solution streamlines the process of setting up and pre-configuring new Windows devices and ensures they are business-ready without requiring hands-on IT involvement. Autopilot automates device registration, configuration, and enrollment into Azure AD and Intune.
When a user receives a device, they simply connect it to the internet and log in with their corporate credentials. Autopilot automatically configures the device based on its assigned profile, installing necessary applications and applying company policies. This zero-touch deployment approach eliminates the need for IT to manually prepare each device, making the process faster and more scalable across the organization.
You can create the necessary Autopilot profiles using Intune which I will cover in a future blog.