diff --git a/changes/41484-fix-windows-mdm-profile-upload-panic b/changes/41484-fix-windows-mdm-profile-upload-panic
index 5ec6d42ed4..e0fd53b730 100644
--- a/changes/41484-fix-windows-mdm-profile-upload-panic
+++ b/changes/41484-fix-windows-mdm-profile-upload-panic
@@ -1 +1 @@
-- Fixed a server panic when uploading a Windows MDM profile to a fleet on a free license.
+- Fixed a server panic when uploading a Windows/Apple/Android MDM profile to a fleet on a free license (fleets are a premium feature).
diff --git a/server/service/apple_mdm.go b/server/service/apple_mdm.go
index 73f4149894..349616aaac 100644
--- a/server/service/apple_mdm.go
+++ b/server/service/apple_mdm.go
@@ -861,7 +861,11 @@ func (svc *Service) NewMDMAppleDeclaration(ctx context.Context, teamID uint, dat
 }
 var teamName string
- if teamID >= 1 {
+ if teamID > 0 {
+ lic, _ := license.FromContext(ctx)
+ if lic == nil || !lic.IsPremium() {
+ return nil, ctxerr.Wrap(ctx, fleet.ErrMissingLicense)
+ }
 tm, err := svc.EnterpriseOverrides.TeamByIDOrName(ctx, &teamID, nil)
 if err != nil {
 return nil, ctxerr.Wrap(ctx, err)
diff --git a/server/service/apple_mdm_test.go b/server/service/apple_mdm_test.go
index fc6c43aa9a..6189f57811 100644
--- a/server/service/apple_mdm_test.go
+++ b/server/service/apple_mdm_test.go
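Review bot: The guard added under `if teamID > 0` in NewMDMAppleDeclaration checks the license tier, but the call it protects dereferences `svc.EnterpriseOverrides`, and nothing in the hunk says why the one implies the other. If the earlier panic came from an unset `EnterpriseOverrides` (inferred from the changelog entry, not visible here), a comment such as `// Teams are premium-only and EnterpriseOverrides is presumably unset on free servers; reject before dereferencing it.` would record the invariant the fix relies on. The same four lines are repeated in the NewMDMAndroidConfigProfile hunk in server/service/mdm.go, so a small shared helper would keep the two checks from drifting apart. The function body starts and ends outside this hunk, so whether authorization runs before this check cannot be confirmed from here.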
@@ -863,6 +863,16 @@ func TestBatchSetMDMAppleProfilesWithSecrets(t *testing.T) {
 assert.ErrorContains(t, err, "profiles[1]")
 }
+func TestNewMDMAppleDeclarationFreeLicenseTeam(t *testing.T) {
+ svc, ctx, _, _ := setupAppleMDMService(t, &fleet.LicenseInfo{Tier: fleet.TierFree})
+ ctx = viewer.NewContext(ctx, viewer.Viewer{User: &fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)}})
+
+ b := declBytesForTest("D1", "d1content")
+
+ _, err := svc.NewMDMAppleDeclaration(ctx, 1, b, nil, "name", fleet.LabelsIncludeAll)
+ assert.ErrorIs(t, err, fleet.ErrMissingLicense)
+}
+
 func TestNewMDMAppleDeclaration(t *testing.T) {
 svc, ctx, ds, _ := setupAppleMDMService(t, &fleet.LicenseInfo{Tier: fleet.TierPremium})
 ctx = viewer.NewContext(ctx, viewer.Viewer{User: &fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)}})
diff --git a/server/service/mdm.go b/server/service/mdm.go
index c41b27935e..6c37a4da54 100644
--- a/server/service/mdm.go
+++ b/server/service/mdm.go
@@ -1825,6 +1825,10 @@ func (svc *Service) NewMDMAndroidConfigProfile(ctx context.Context, teamID uint,
 var teamName string
 if teamID > 0 {
+ lic, _ := license.FromContext(ctx)
+ if lic == nil || !lic.IsPremium() {
+ return nil, ctxerr.Wrap(ctx, fleet.ErrMissingLicense)
+ }
 tm, err := svc.EnterpriseOverrides.TeamByIDOrName(ctx, &teamID, nil)
 if err != nil {
 return nil, ctxerr.Wrap(ctx, err)
diff --git a/server/service/mdm_test.go b/server/service/mdm_test.go
index dae56d50a1..088b5fd4a5 100644
--- a/server/service/mdm_test.go
+++ b/server/service/mdm_test.go
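Review bot: TestNewMDMAppleDeclarationFreeLicenseTeam exercises only the `!lic.IsPremium()` half of the new guard; the `lic == nil` branch, where the context carries no license at all, is left uncovered. A second case that calls `svc.NewMDMAppleDeclaration` with such a context and asserts `fleet.ErrMissingLicense` would pin the fail-closed behaviour, assuming the test setup can build a context without a license. A doc comment such as `// Regression test: a team-scoped declaration on a free license must return ErrMissingLicense instead of panicking.` would also explain why team ID 1 is passed without any team lookup being mocked.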
@@ -2815,6 +2815,22 @@ func TestNewMDMProfilePremiumOnlyAndroid(t *testing.T) {
 `{"systemUpdate": {"type": "AUTOMATIC"}}`,
 "",
 },
+ {
+ "android profile with team and free license",
+ &fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)},
+ false,
+ 1,
+ `{"screenCaptureDisabled": true}`,
+ "Requires Fleet Premium license",
+ },
+ {
+ "android profile with team and premium license",
+ &fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)},
+ true,
+ 1,
+ `{"screenCaptureDisabled": true}`,
+ "",
+ },
 }
 for _, tt := range testCases {
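Review bot: The new free-license row pins the failure by message text, `"Requires Fleet Premium license"`, whereas the Apple test added in this commit asserts the sentinel with `assert.ErrorIs(t, err, fleet.ErrMissingLicense)`, so a wording change would break this case without any change in behaviour. The loop that consumes the table lies outside the hunk, so how the string is compared is not visible; if the harness allows it, checking the sentinel for this row would be sturdier. The positional `false`/`true` and `1` fields are also hard to read in isolation, and trailing comments naming them (presumably the premium flag and the team ID) would make the two rows self-explanatory.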