Create new permission, which restricts the capability to change device ownership
For control of personal data as part of GDPR, the information shown depends on the device ownership. As a second step, please limit the admins capabilities to edit those freely. Please add a new permission, which can be revoked for regular admins, so they no longer can change an ownersip
I would expand this slightly so the only way a device can be changed is by a user unrolling it and then enrolling the device back as a corporate device.