Forum Discussion
Solved
Best practices for enrolling shared devices in Intune
We need to enroll a couple of computers as shared devices in Intune. These devices are Windows 11 computers, but we plan to add a couple of iOS devices as well in the short term (iPads). These machin...
Hi giovanni79,
for setting up shared devices in Intune you can follow this best practices:
Use a resource account. This is the most secure option, as the account will only be used for enrolling and managing shared devices. You can create a dedicated resource account in Azure AD.
Assign the Intune Device Enrollment Manager role to the resource account. This will give the account the necessary permissions to enroll and manage shared devices in Intune.
Use a strong password for the resource account. The password should be complex and unique, and it should be changed regularly.
Consider using a password manager. A password manager can help you to create and manage strong passwords for all of your accounts, including the resource account.
Do not give the resource account access to SharePoint sites or other company data. The resource account should only be used for enrolling and managing shared devices.
Enable MFA for the resource account. MFA adds an extra layer of security to your account, making it more difficult for unauthorized users to access it.
Configure shared devices to require no user interaction. This allows the device to be fully managed by Intune without needing the resource account to log in regularly.
Set up an automated process to assign the shared device to a new primary user when needed. This ensures that the reassignment process is straightforward when an employee leaves the company or a new user needs access to the device.
Configure Intune to deploy the necessary apps and security policies to the shared devices automatically. This ensures that these devices stay compliant with your organization's security requirements.
Implement a clear naming convention for shared devices. This makes it easy to identify the purpose, location, or any other relevant information about the device.
Regularly monitor the status of shared devices through Intune's reporting and analytics tools to ensure they remain compliant and secure.
Document your procedures for setting up and managing shared devices in Intune.
Periodically review your shared device setup and make any necessary updates to ensure it aligns with your organization's changing needs and security policies.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
Hi giovanni79,
for setting up shared devices in Intune you can follow this best practices:
Use a resource account. This is the most secure option, as the account will only be used for enrolling and managing shared devices. You can create a dedicated resource account in Azure AD.
Assign the Intune Device Enrollment Manager role to the resource account. This will give the account the necessary permissions to enroll and manage shared devices in Intune.
Use a strong password for the resource account. The password should be complex and unique, and it should be changed regularly.
Consider using a password manager. A password manager can help you to create and manage strong passwords for all of your accounts, including the resource account.
Do not give the resource account access to SharePoint sites or other company data. The resource account should only be used for enrolling and managing shared devices.
Enable MFA for the resource account. MFA adds an extra layer of security to your account, making it more difficult for unauthorized users to access it.
Configure shared devices to require no user interaction. This allows the device to be fully managed by Intune without needing the resource account to log in regularly.
Set up an automated process to assign the shared device to a new primary user when needed. This ensures that the reassignment process is straightforward when an employee leaves the company or a new user needs access to the device.
Configure Intune to deploy the necessary apps and security policies to the shared devices automatically. This ensures that these devices stay compliant with your organization's security requirements.
Implement a clear naming convention for shared devices. This makes it easy to identify the purpose, location, or any other relevant information about the device.
Regularly monitor the status of shared devices through Intune's reporting and analytics tools to ensure they remain compliant and secure.
Document your procedures for setting up and managing shared devices in Intune.
Periodically review your shared device setup and make any necessary updates to ensure it aligns with your organization's changing needs and security policies.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
I think the idea is brilliant, I am unable to see any details on resource accounts other than setting up for teams rooms - any pointers on where to find this out would be appreciate it.
Many Thanks
