diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index d616d6bb9f..7b045689da 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4696,6 +4696,8 @@ class InstanceGroupSerializer(BaseSerializer):
 raise serializers.ValidationError(_('Duplicate entry {}.').format(instance_name))
 if not Instance.objects.filter(hostname=instance_name).exists():
 raise serializers.ValidationError(_('{} is not a valid hostname of an existing instance.').format(instance_name))
+ if Instance.objects.get(hostname=instance_name).is_isolated():
+ raise serializers.ValidationError(_('Isolated instances may not be added or removed from instances groups via the API.'))
 return value
 def validate_name(self, value):
diff --git a/awx/main/tests/functional/api/test_instance_group.py b/awx/main/tests/functional/api/test_instance_group.py
index 50c033b69b..c9a0ad4a28 100644
--- a/awx/main/tests/functional/api/test_instance_group.py
+++ b/awx/main/tests/functional/api/test_instance_group.py
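Review bot: The added `Instance.objects.get(hostname=instance_name).is_isolated()` line looks up a row that the `.exists()` test two lines above has already queried, so every hostname costs two queries, and an instance deleted between them would surface as an unhandled `DoesNotExist` rather than a validation error. Fetching once with `inst = Instance.objects.filter(hostname=instance_name).first()`, raising the existing "not a valid hostname" error when `inst is None`, and then testing `inst.is_isolated()` closes that gap. The enclosing validator starts above the hunk, so only the hostname-list path is visible here. It is worth confirming that no other policy setting on the group can place an isolated instance in a regular group.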
@@ -133,6 +133,16 @@ def test_prevent_isolated_instance_added_to_non_isolated_instance_group(post, ad
 assert u"Isolated instances may not be added or removed from instances groups via the API." == resp.data['error']
+@pytest.mark.django_db
+def test_prevent_isolated_instance_added_to_non_isolated_instance_group_via_policy_list(patch, admin, instance, instance_group, isolated_instance_group):
+ url = reverse("api:instance_group_detail", kwargs={'pk': instance_group.pk})
+
+ assert True is instance.is_isolated()
+ resp = patch(url, {'policy_instance_list': [instance.hostname]}, admin)
+ assert [u"Isolated instances may not be added or removed from instances groups via the API."] == resp.data['policy_instance_list']
+ assert instance_group.policy_instance_list == []
+
+
 @pytest.mark.django_db
 def test_prevent_isolated_instance_removal_from_isolated_instance_group(post, admin, instance, instance_group, isolated_instance_group):
 url = reverse("api:instance_group_instance_list", kwargs={'pk': isolated_instance_group.pk})
@@ -140,4 +150,3 @@ def test_prevent_isolated_instance_removal_from_isolated_instance_group(post, ad
 assert True is instance.is_isolated()
 resp = post(url, {'disassociate': True, 'id': instance.id}, admin, expect=400)
 assert u"Isolated instances may not be added or removed from instances groups via the API." == resp.data['error']
-
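Review bot: In the new `..._via_policy_list` test, the closing `assert instance_group.policy_instance_list == []` reads the fixture object loaded before the PATCH, so it would still pass if the request had persisted the hostname. Calling `instance_group.refresh_from_db()` just before that assertion makes it check the stored state. The `patch(url, {...}, admin)` call also omits `expect=400`, which the neighbouring tests pass to `post`, so the rejection status is not pinned. The test only shows the control working if it checks both the status and the reloaded row.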