diff --git a/app/provision/index.php b/app/provision/index.php
index 6ab63de51d..218e4605e9 100644
--- a/app/provision/index.php
+++ b/app/provision/index.php
@@ -223,11 +223,6 @@
 			syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but the remote auth server said no for ".escape($_REQUEST['mac']));
 			http_error('404');
 		}
-	} else {
-		//check for a valid match
-			if (empty($device_uuid)) {
-				http_error(403);
-			}
 	}
 
 //use the device address to get the vendor
@@ -247,6 +242,11 @@
 //get all provision settings
 	$provision = $settings->get('provision', null, []);
 
+//check for a valid match
+	if (empty($device_uuid) && $settings->get('provision', 'auto_insert_enabled', 'false') !== 'true') {
+		http_error(403);
+	}
+
 //check the cidr range
 	if (!empty($provision['cidr'])) {
 		$found = false;