Corporate identifiers are another piece of the puzzle. Following the introduction of Autopilot Device preparation, it’s important to enhance security by allowing only corporate-owned devices to be added. Previously, devices onboarded with Autopilot were recognized as corporate devices, which let us enforce stricter security measures by permitting only corporate devices. To keep doing that, we now need to use Corporate identifiers.
Why Corporate identifiers
Corporate Identifiers are an essential component of Microsoft Intune that ensures an organization’s secure and efficient device management. They are unique identifiers that associate a device with a particular organization. These identifiers help distinguish corporate-owned devices from personal devices, allowing IT administrators to apply specific policies and configurations based on device ownership.
This helps prevent unauthorized access to sensitive corporate information and reduces the risk of data breaches. Furthermore, Corporate Identifiers in Intune facilitate seamless device enrollment and provisioning processes. By associating devices with specific corporate identifiers, organizations can streamline the deployment of devices and automate the setup process using Intune’s powerful management capabilities. This saves IT administrators time and ensures that devices are properly configured and compliant with corporate policies from the moment they are enrolled in the organization’s network.
In addition to security and management benefits, Intune Corporate Identifiers contribute to a better user experience. By clearly delineating corporate-owned devices, employees can confidently use them for work-related tasks, knowing that the necessary security measures and configurations are in place to protect corporate data. This distinction also helps prevent the accidental mixing of personal and corporate data on devices, promoting a clear separation between work and personal use.
Using Corporate Identifiers in Intune is essential to creating a secure and reliable Intune tenant. (info about identifiers other than Windows)
How to create a Corporate Identifier
Now, we want to create such an identifier for Windows, an option that is new with the release of Autopilot Device preparation. Corporate identifiers are built from values that are easy to read from a device and are then uploaded to Intune. Previously, we had to add the hardware hash to onboard a device as corporate. Now, adding the manufacturer, model, and serial number is enough.
Note:
Go to Devices | Enrollment and click on Corporate device Identifier
Click on + Add and upload a CSV File
Now select Manufacturer, model and serial number (Windows Only). Under Import identifiers, click on Select a file
Now we need to select a CSV file that we created in the following format:
<Manufacturer>,<Model>,<SerialNumber>
MICROSOFTCORPORATION,VIRTUALMACHINE,7103-1376-2071-7119-2448-4803-69
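One way to produce a row in this format on the device itself, as an added example that is not part of the original post: it reads the three values over CIM and appends them to a CSV file. The function names, the output path and the normalization (upper case, whitespace removed, modelled on the sample row above) are assumptions.

```powershell
# Added example, not from the original post.
# Run in PowerShell on the Windows device you want to register.

function ConvertTo-IdentifierField {
    param([string]$Value)
    # Assumption: mirror the post's sample row (upper case, no whitespace).
    # Commas are dropped because they would split the CSV columns.
    return ($Value -replace '[\s,]', '').ToUpperInvariant()
}

function Get-CorporateIdentifierRow {
    # Manufacturer and model come from Win32_ComputerSystem,
    # the serial number from Win32_BIOS.
    $system = Get-CimInstance -ClassName Win32_ComputerSystem
    $bios   = Get-CimInstance -ClassName Win32_BIOS

    $fields = @(
        ConvertTo-IdentifierField $system.Manufacturer
        ConvertTo-IdentifierField $system.Model
        ConvertTo-IdentifierField $bios.SerialNumber
    )

    # A row with an empty field cannot identify the device, so stop here.
    if ($fields -contains '') {
        throw "Manufacturer, model or serial number is empty on $env:COMPUTERNAME"
    }
    return ($fields -join ',')
}

# Hypothetical output path; point it at the file you will upload.
$csvPath = Join-Path $env:TEMP 'corporate-identifiers.csv'
$row     = Get-CorporateIdentifierRow

# Assumption: the file holds data rows only, one device per line.
# Skip the append when this device is already listed.
$existing = if (Test-Path $csvPath) { Get-Content $csvPath } else { @() }
if ($existing -notcontains $row) {
    Add-Content -Path $csvPath -Value $row -Encoding ASCII
}

Write-Output $row
```

Review the resulting file before uploading it, since every row in it marks a device as corporate-owned.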
After adding it will look like this:
Closing down the MDM enrollment
Device platform restrictions help harden Intune MDM by limiting device enrollment to specific device platforms. This can be useful if, for example, your organization only supports certain types of devices or if you want to restrict access to sensitive resources for specific device platforms. In the platform restrictions, we can block personal devices. After adding the corporate identifiers, we can close down enrollment by blocking personal devices there.
Conclusion
Corporate Identifiers play an important role in managing devices within an organization. They are essential for ensuring that only corporate-owned devices are added to the system, enhancing security. By streamlining the enrollment process, these identifiers allow for automated setup and provisioning, contributing to a more efficient workflow. Distinguishing between personal and corporate devices helps improve user experience and corporate data protection.
[…] There are two possible device ownership options we can take with autopilot device preparation: personal and corporate. If we need to enable this for personal devices so it becomes a corporate device, we should enable this in the platform restrictions. To onboard corporate devices, we no longer need to upload hardware hashes; we need to use corporate identifiers released simultaneously as device preparation. A separate blog about Corporate Identifiers can be found here […]