Authored by Dhanya A Shivaram, co-authored by  Vigneshwaran Anbarasan.

Self enrollment is the capability offered by IBM Security MaaS360 with Watson where the end user can enroll the devices using self enrollment url (https://m.dm/<corporate identifier>) without depending on the administrators to create an enrollment request.
Self-enrollment is applicable for the customers who has MaaS360 / Corporate (On-premise) / Corporate (Azure)  / Corporate (SAML based)  authentication mode of enrollment configured.

But what if the admins want to block the devices for which end users are trying to perform self enrollment?

With IBM Security MaaS360 with Watson, we offer the capability to block self enrollment for devices.
By default this settings will be available to all the customers and will be in disabled state. Since self enrollment is not applicable for passcode based enrollments , this setting will not be editable if 'Override authentication mode for enrollment' is set to Passcode.

Steps to configure 'Block self enrollment for devices' setting.

1.Login to the MaaS360 Portal and navigate to Setup -> Settings.
2.From the left panel navigate to Directory and Enrollment -> Basic Enrollment Settings.
3.On right, go to the Limit Enrollment and Activation.
4.Enable 'Block self enrollment for devices' and save the settings.
5.The changes will be captured in the audit when the setting is modified.
6.Navigate to Setup -> Settings -> History to see the audit.

Here are the screenshots to configure the setting.

End user experience when trying to perform self enrollment on device when the admin has enabled this setting.


Audit will be captured when the setting is modified.


Is it applicable in all cases?
Currently, this setting is applicable for iOS and Mac devices. We have a plan to extend the support to other device platforms in the upcoming releases.