diff --git a/inc/agent.class.php b/inc/agent.class.php
index 948d93b3..309f0a62 100644
--- a/inc/agent.class.php
+++ b/inc/agent.class.php
@@ -990,6 +990,8 @@ protected function enrollByInvitationToken($input) {
       $lastname         = isset($input['lastname']) ? $input['lastname'] : null;
       $version          = isset($input['version']) ? $input['version'] : null;
       $mdmType          = isset($input['type']) ? $input['type'] : null;
+      $systemPermission = isset($input['has_system_permission']) ? $input['has_system_permission'] : 0;
+      // For non-android agents, system permssion might be forced to 1 depending on the lack of such cosntraint
 
       $input = [];
 
@@ -1053,6 +1055,17 @@ protected function enrollByInvitationToken($input) {
          return false;
       }
 
+      // Check the agent shall provide or not the system permissions flag
+      switch ($mdmType) {
+         case 'android':
+            if ($systemPermission === null) {
+               $event = __('The agent does not advertise its system permissions', 'flyvemdm');
+               $this->filterMessages($event);
+               $this->logInvitationEvent($invitation, $event);
+               return false;
+            }
+      }
+
       // Check the invitation is pending
       if ($invitation->getField('status') != 'pending') {
          $event = __('Invitation is not pending', 'flyvemdm');
@@ -1220,6 +1233,7 @@ protected function enrollByInvitationToken($input) {
       $input['version']                   = $version;
       $input['users_id']                  = $agentAccount->getID();
       $input['mdm_type']                  = $mdmType;
+      $input['$systemPermission']         = $systemPermission;
       return $input;
 
    }
diff --git a/install/mysql/plugin_flyvemdm_empty.sql b/install/mysql/plugin_flyvemdm_empty.sql
index 3b402db2..b4147af6 100644
--- a/install/mysql/plugin_flyvemdm_empty.sql
+++ b/install/mysql/plugin_flyvemdm_empty.sql
@@ -19,6 +19,7 @@ CREATE TABLE IF NOT EXISTS `glpi_plugin_flyvemdm_agents` (
   `is_online`                 tinyint(1)                                        NOT NULL DEFAULT '0',
   `certificate`               text                                              NOT NULL,
   `mdm_type`                  enum('android','apple')                           NOT NULL DEFAULT 'android',
+  `has_system_permission`     tinyint(1)                                        NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`),
   KEY `computers_id` (`computers_id`),
   KEY `users_id` (`users_id`),
diff --git a/install/upgrade/update_to_dev.php b/install/upgrade/update_to_dev.php
index 6b16f9ff..33bb9edb 100644
--- a/install/upgrade/update_to_dev.php
+++ b/install/upgrade/update_to_dev.php
@@ -87,6 +87,7 @@ function plugin_flyvemdm_update_to_dev(Migration $migration) {
    $migration->addField($table, 'version', 'string', ['after' => 'name']);
    $migration->addField($table, 'users_id', 'integer', ['after' => 'computers_id']);
    $migration->addField($table, 'is_online', 'integer', ['after' => 'last_contact']);
+   $migration->addField($table, 'has_system_permission', 'bool', ['after' => 'mdm_type']);
    $migration->addKey($table, 'computers_id', 'computers_id');
    $migration->addKey($table, 'users_id', 'users_id');
    $migration->addKey($table, 'entities_id', 'entities_id');