This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.
By Scott Duffey | Senior Program Manager, Microsoft Endpoint Manager
I’m excited to announce that today we started rolling out a feature giving you the ability to change a device’s primary user. We have had this item on our product backlog for a long time, being the highest voted item on UserVoice and also attracting a lot of comments on the previous support post How User Device Affinity Works in Intune. Read below for more information on Primary User.
Over the next two weeks, you’ll see this feature show up under the “devices” area of the Microsoft Endpoint Manager admin center (at either https://devicemanagement.microsoft.com or https://portal.azure.com) and you’ll also see some updates to our Primary User docs page.
Here’s the brief overview of what you can do with this new feature:
- Change the Primary user from User-A to User-B
- Change the Primary user from none (shared) to a single user
- Change the Primary user from a single user to none (shared)
In all the above cases, the Intune device (Primary User property) will be updated as well as the Azure AAD device object (DeviceRegisteredOwner and DeviceRegisteredUser).
Here's what you'll see in the Microsoft Endpoint Manager admin center:
And here's what you'll see in Azure AD:
Note: It may take up to 10 minutes to reflect in the Azure AD portal.
A couple more details:
- Devices must be a supported version of Windows 10.
- Devices can be either Azure AD Joined or Hybrid Azure AD Joined.
- If a device is co-managed then you can’t change the Primary User (but this is a scenario we are working on).
- We have added a new administrator privilege: “Managed Device/Set primary user” and it has been added to built-in roles including: Helpdesk Operator, School administrator, and Endpoint Security Manager. To use this feature, you will need to have this privilege assigned.
- A user must have an Intune license to be assigned as a Primary user.
- The new Device compliance report list includes columns for both Primary User and Enrolled-by user. This change will also be added to the “All devices” list soon.
- In addition to the Microsoft Endpoint Manager console, you can change the Primary User through graph API. You’ll see an example Powershell script appear on this Github repository shortly.