Even if I can prevent Users from using there own created keys by policy I did not found a way to prevent users from creating (useless) keys with the client.
this option can be defined in a policy of the type Device Protection with Local Storage Devices as Device protection target (General Settings > User is allowed to create a local key > No).
this option can be defined in a policy of the type Device Protection with Local Storage Devices as Device protection target (General Settings > User is allowed to create a local key > No).