If you’ve worked with System Center Configuration Manager in the past, you’ll be familiar with the term “User Device Affinity”. In Intune we call this “Primary User” and it’s simply a mapping between an Intune device and a user. A device can have just one Primary User, but a User can have more than one device.
The point of having this relationship is to improve experiences for both end users and IT support. Here’s a few examples where this mapping is useful:
When a user opens the Company Portal app on their phone, they see a list of all their Intune-managed devices. In case they have an Intune-managed device that is lost or stolen, they can perform a reset for that device. This self-service reduces IT support cases as the end user can take care of the problem themselves. The list of all Intune managed devices is built from the Primary User relationship.
Another example is on the IT support side. When an IT admin uses the troubleshooting page in the admin portal, the first step is to supply a username. This name then enumerates all the user’s devices (along with policies, apps and other useful information). Again, this device list is built based on Primary User.
As an Intune IT admin, you can view the Primary User of a device by going to the device overview page in the admin portal.
What happens when the device doesn’t belong to anyone? While most of the devices being managed by Intune today are single-user devices, there are some customer scenarios where this isn’t the case. For example, you might have Kiosks, First-line worker devices or Windows 10 PC’s being used by multiple users in a classroom or call center. We call those shared devices. These devices typically have a different set of end-users and self-service based requirements in the Company Portal.
Moving forward, and based on many customer requests, you’ll start to see improvements in the shared device scenario.
In an upcoming release of the Company Portal app for Windows (we're planning on a release shortly), shared devices (ones without any primary user assigned) will now be able to be used for each Intune user who signs into Windows and opens the app. Each user will be able to install Available apps that have been assigned to their user account. There is also a label to help identify a shared device vs a single user device and importantly, end-users won’t be allowed to perform any device actions (like removing it from management or factory resetting it) via the Company Portal app.
In future releases, we’ll be building out some additional changes that customers have been asking for including the ability to add or change a primary user through the admin portal, or seamlessly inherit Primary User from other sources (such a SCCM).
For more detailed information on how to configure and use the Intune Primary User, we’ve posted updates to the documentation page here: https://aka.ms/primary_user_intune.