This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 78%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi MS Intune team,
In Microsoft Intune we cant use CDI to enroll Android device with OS 12 and later as Android personal owned work profile.
So if we have BYOD device is blocked in enrolment restriction, we cant enroll these corporate device with CDI.
https://learn.microsoft.com/en-us/mem/intune/enrollment/corporate-identifiers-add
Now only option left is to enroll device with "Corporates owned device with work profile". The problem in this method is this required device reset and apps deployed as available is not supported.
Also QR code will be sent to end user, which can lead to risk that user may enroll personal owned device without Intune admin or company knowledge.
https://learn.microsoft.com/en-us/mem/intune/enrollment/android-corporate-owned-work-profile-enroll
Any suggestion if this functionality to detect device via CDI is depreciated by Microsoft Intune or from Android OS.
How about some workaround?
@AsAdmin Thanks for posting in our Q&A.
In Android 12, Google removes serial number, IMEI, and MEID on personally-owned work profile devices. For more details, please read the following article:
https://techcommunity.microsoft.com/t5/intune-customer-success/android-12-day-zero-support-with-microsoft-endpoint-manager/ba-p/2621665
So, there is no workaroud to make it via intune.
It seems that the only option is enroll device with "Corporates owned device with work profile". Please note that any android enrollment method needs device reset. Based on my experience, these app types(Android store app, Managed Google Play store app and web link) all can be deployed as available under assignments.
Generally, we don't let end users enroll devices, because it may lead some risks(maybe enroll other devices to the organization). If you have to let the end users do the enrollment action, please just give them an account with intune license(don't give them the intune admin account) and please monitor the device on the Intune Portal.
Hope it will help.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.