After adding a Self-Enroll domain to Symantec Endpoint Security (SES) for mobile device enrollment, you are no longer able to enroll users with that email domain into your legacy Symantec Endpoint Protection (SEP) Mobile environment using self-enrollment.

Adding the same self-enroll domain to SES will prevent self-enrollment using that same domain in legacy SEP Mobile.

This is expected functionality, users will enroll to SES if one or both of the conditions below is satisfied:

a) the email domain is registered as a self-enroll email for the domain
b) the email address is a registered admin for the domain

If you are using the legacy SEP Mobile console and its self-enroll functionality, do not add that domain to SES for self-enrollment (nor register your email address as admin for the domain) or you will no longer be able to self-enroll devices into the legacy SEP Mobile console. Devices installed via a sync'd MDM solution in legacy SEP Mobile should not be affected by this.