Change Enrolled User

Copper Contributor

Hi,

 

We currently have a  Windows 10 Desktop Device Enrolled in Intune that was enrolled by a user that is not exists anymore. Therefore the device is now marked as non-compliant by the built-in compliancy policy because of the "Enrolled user exists" check. How can we change the Enrolled User without re-installing the device?

 

I tried to change the Registered User and Owner with Add-AzureADDeviceRegisteredOwner and Add-AzureADDeviceRegisteredUser, but this is not working as expected. Is there another way to achieve this or do we need to re-enroll the device? If the answer is yes, what is the best way? Initiate a Fresh Start or AutoPilot Reset (Preview)?

 

Thanks

 

7 Replies
For Remote_ You can use Autopilot Reset (preview)
On-site: You find the device inside intune press "delete" and use following with "other user" inside windows > Settings > Recovery > Remove Everything.

@Angelo Lelieveld The enrollment user is the device owner in intune. AAD owner doesn't have any impact on the Intune side. Intune device belongs to the enrollment owner. If you want to change that you must do a factory reset. Fresh start is not necessary as this will try to remove bloatware as well. as long as you have signature edition or provisioning ready Windows 10 devices you shuld be fine with a factory reset and the new user enroll's the device and will be the new onwer in Intune.

@Oliver Kieselbach 

What if it shows that the user does exist? 

So for some reason, the users 0365 account was deleted last night. I restored it this morning. But after running a sync in InTune the device is still coming back as Not Compliant even though the user who registered the device is active and the one logged into the device.

@Dartey_Banahene  Does the user account still have the same AAD ObjectID it had before it was restored? If it's different, this is probably the cause of the issue.

@eglockling 

Thank you for that, I'll check that! That makes perfect sense if that is the case. Just curious how would I know what the old one was? Is there some type of log file I can pull up?

Thanks again for the quick response. 

@Dartey_Banahene  I've never had to do this, solely being an Intune administrator, but check out this support article from Microsoft. https://support.microsoft.com/en-ca/help/2619308/how-to-troubleshoot-deleted-user-accounts-in-office...

@eglockling 

You rock! Again thank you for all of your help. I'm just kicking off a project to get rid of our environments Physical Domain Controller. Very exciting stuff, but I'll give the docs a gander and see what happens. I'll update the thread with what I find.