By Scott Duffey | Senior Program Manager, Microsoft Endpoint Manager
I’m excited to announce that today we started rolling out a feature giving you the ability to change a device’s primary user. We have had this item on our product backlog for a long time, being the highest voted item on UserVoice and also attracting a lot of comments on the previous support post How User Device Affinity Works in Intune. Read below for more information on Primary User.
Here’s the brief overview of what you can do with this new feature:
Change the Primary user from User-A to User-B
Change the Primary user from none (shared) to a single user
Change the Primary user from a single user to none (shared)
In all the above cases, the Intune device (Primary User property) will be updated as well as the Azure AAD device object (DeviceRegisteredOwner and DeviceRegisteredUser).
Here's what you'll see in the Microsoft Endpoint Manager admin center:
And here's what you'll see in Azure AD:
Note: It may take up to 10 minutes to reflect in the Azure AD portal.
A couple more details:
Devices must be a supported version of Windows 10.
Devices can be either Azure AD Joined or Hybrid Azure AD Joined.
If a device is co-managed then you can’t change the Primary User (but this is a scenario we are working on). With the June (2006) Intune service release, you can now change a device's primary user for co-managed Windows devices. Learn more here: Change a device's primary user.
We have added a new administrator privilege: “Managed Device/Set primary user” and it has been added to built-in roles including: Helpdesk Operator, School administrator, and Endpoint Security Manager. To use this feature, you will need to have this privilege assigned.
A user must have an Intune license to be assigned as a Primary user.
The new Device compliance report list includes columns for both Primary User and Enrolled-by user. This change will also be added to the “All devices” list soon.