Prevent unauthorized systems from enrolling

bcldonnelly
New Contributor

Hello,
First time caller, long time listener.

We are using Casper to manage our Mac Devices. From a data security, and legal liability perspective, we want to only allow systems purchased by the company to be enrolled. We push access Certificates, and do not want them on systems that are not purchased by the company, nor do we want the liability of loss of individual's data on a non corporate system. New systems are DEP, Old systems are being put into DEP by our vendor as we speak. That being said, we have a large population that will be self enrolling systems that are out there (existing systems) that we want to manage, but will not be completely rebuilt.

Is there a way to check a database (ideally DEP) to see if a system is 'authorized' and if it is not in the database, or list, or yellow stickie, that enrollment is denied?

I appreciate any thoughts.

b

2 REPLIES 2

jason_bracy
Contributor III

I don't think you can limit which computers can enroll, but you can restrict access to specific users. You can also disable user initiated enrollment and use invitations.

bcldonnelly
New Contributor

I kinda thought that would be the case, and it would work perfectly if I could use an AD group to send the invitations to instead of listing each user individually... I tried to use a DL, but that was not successful.

thanks for the feedback.

b