Forum Discussion
Solved
Intune License for Device Enrollment Manager accounts
Hi all, I am new to Intune and was assigned to a project to enroll all company Windows desktop to Intune. I would like to assign myself as a DEM and start the enrollment. What I am not sure h...
Hi,
A good practice would be to create a dedicated user and assign an Intune license to this user. Then assign the Device Enrollment Role to it. This allows you to enroll up to 1000 devices.
If you have Azure AD Joined devices, they are already enrolled in Intune (Endpoint Manager). You maybe need to configure the proper settings first (Autoenrollment, DNS). But it requires Azure AD P1.
Also have a look at the device enrollment restriction policies. They do not apply to Device Enrollment Managers for Windows:
Each user who is using Intune (Apps, Profiles, Policies, etc) needs a license.
If you have shared devices, Kiosk or Signage for example, you can use "Intune Device-only" licenses. This licenses do not need to be assigned to any device or user.
Hope this helps,
Cheers,
Al
Thanks Thijs Lecomte,
I will wait for more advice and also test how the license works. Will share here later on.
Cheers,
Hi,
A good practice would be to create a dedicated user and assign an Intune license to this user. Then assign the Device Enrollment Role to it. This allows you to enroll up to 1000 devices.
If you have Azure AD Joined devices, they are already enrolled in Intune (Endpoint Manager). You maybe need to configure the proper settings first (Autoenrollment, DNS). But it requires Azure AD P1.
Also have a look at the device enrollment restriction policies. They do not apply to Device Enrollment Managers for Windows:
Each user who is using Intune (Apps, Profiles, Policies, etc) needs a license.
If you have shared devices, Kiosk or Signage for example, you can use "Intune Device-only" licenses. This licenses do not need to be assigned to any device or user.
Hope this helps,
Cheers,
Al
alschneiter does device need be logged in using the DEM account after the enrollment or can it the local admin stay logged in? I am testing a scenario where I am using DEM just for the enrollment and management of device, but not switch user. This is to accommodate for an already running kisosk based application on the device. However, my concern here is that this may break the update rings as the enrolling user will never log in on the device.
Thanks for the detail information you have shared.
I would bring up this scenario and hope you or anyone has time to help me out.
Let's say I have two workstations to be shared by 5 other users, I will do the following step:
- Assign one user as a DEM.
- Assign him/her with "Microsoft Intune Device" License (2$/license/month).
- Purchase two more licenses for those two workstations and won't assign to any users or group of devices.
Questions:
- Will the setting work?
- Can the device considered as a shared device or extra configuration required?
- Can Intune policy apply to other users when they login to those two workstations?
Thanks for anything that you can help.
Kind regards,
Hi all,
I would share my experience with Intune Device License that as describe in this link (https://support.microsoft.com/en-au/help/4514392/introduction-to-device-licenses-in-microsoft-intune) I used DEM account to enroll the machine and it will automatically be assigned a device license but we need to manually monitor the number of licenses to make sure enrolled devices are fit within the purchased licenses.
I talked to Intune support team and they advised that Intune user-based profiles won't work on users who login these machine and it is correct. I tested with two users, one with valid user license and one without a license, all policies applied to the one with valid license but not the other one).
I will close this discussion but anyone has similar issues are welcome to contact me to discuss.
Kind regards,
