Hi,

I’m a former SCCM administrator now working at a company that is an Intune-only shop. Our environment is Hybrid Azure AD Joined and we have a Group Policy that performs an Automatic MDM Enrollment into Intune for any new Windows PC that gets domain joined. While this process works very well for devices that are assigned specifically to a single end-user, we are running into challenges with PCs that are not intended to be assigned to a specific end user. For this discussion, I’ll refer to these as “Shared” or “Kiosk” PCs.

Intune seems to be “assigning” either the last user that logged into them or the user that logs in the most as the “Primary user”. This creates a problem for us from an administrative perspective as we’d prefer to assign a single generic “Intune Shared PC Management” account to these devices instead (to indicate they are not tied to one user). Ideally, this account would function like a service account to be used just to manage the PCs we set up as Shared and Kiosk (to push apps, apply patches, policies, configs, etc.).

I’ve searched online for guidance on how to set something like this up in Intune and the closest I have found is this article on Device Enrollment Manager (DEM) accounts:

https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-manager-enroll

I have tried using a DEM account for this purpose and seem to be getting mixed results (the device must be manually enrolled with the DEM account and some Intune features don’t seem to work for DEM-assigned devices). I’m starting to think DEM accounts are not intended as a long-term management solution for shared devices. Surely some other Intune Admin out there has encountered this situation as well. Can anyone here tell me how they manage non-user assigned devices in Intune? Also, are any of you aware of any good articles out there on how to manage non-user assigned devices in Intune?

Thanks in advance!