Corporate Device Identifiers in Intune often look like a quick fix when organizations don’t have a fully implemented enrollment platform. But how well do CDIs actually work on iOS and Android? In this article, I explain what CDIs do, where they fall short, and when they still provide value.
What Are Corporate Device Identifiers (CDIs)?
Corporate Device Identifiers let you pre-register a device as corporate-owned in Intune by adding its serial number or IMEI. Intune then treats the device as company property instead of a personal device.
CDIs do not replace enrollment platforms such as Apple Business Manager (ABM), Samsung Knox Mobile Enrollment or Android Zero-Touch. However, they offer limited control when these platforms are not fully deployed.
iOS / iPadOS
A CDI entry does not replace Apple Business Manager, but it does give more control than a normal BYOD enrollment.
What works well
- When Enrollment Restrictions block personally-owned devices, Intune still allows CDI-registered devices to enroll because they are marked as corporate-owned.
Where it fails
iOS device management relies heavily on whether a device is Supervised or Non-Supervised. CDI does not add supervision, which creates inconsistent policy behavior.
- Some policies that normally require Supervision still work
- Other policies silently fail
You cannot predict which settings will apply correctly. Testing is the only way to validate behavior.
iOS Conclusion: CDI can help in partial or temporary situations, but ABM remains the only reliable and scalable method.
Android
On Android, CDIs provide almost no practical value. Starting with Android 12, Google prevents enrollment apps such as Company Portal from reading serial numbers or IMEI. Because of this, Intune cannot validate CDI entries during enrollment.
- CDI cannot confirm whether a device is corporate-owned
- CDI cannot block or allow enrollment
- You cannot convert a BYOD Work Profile into a Corporate-Owned Work Profile
How to maintain enrollment control
You can still control enrollment by using Enrollment Platform Restrictions:
- Set Android Enterprise = Allow
- Set Personally-Owned = Block
- Create an Allow Android Enrollment group with higher priority
Add users to this group before enrollment and remove them afterwards. This requires manual work, but it is currently the only reliable method on Android.
Conclusion
CDIs offer limited usefulness for iOS/iPadOS, especially when Apple Business Manager is not fully implemented yet.
For Android, CDIs provide almost no value due to Google’s restrictions on device identifiers.
Full enrollment platforms such as ABM, KME and Zero-Touch remain the only scalable and dependable solution for corporate-owned device management.
If you’re facing challenges with Intune, Apple, Android or device enrollment flows, feel free to contact me. Let’s optimize it together.
