Microsoft Intune announces device-only subscription for shared resources
Published Nov 01 2018 03:28 AM 203K Views
Microsoft
The meaning of “devices” has evolved in the modern workplace, with IT expected to support not only corporate PCs and bring-your-own (BYO) devices, but also manage kiosks, shared single-purpose devices, phone-room resources, collaboration devices such as Surface Hub, and even some IoT devices. Microsoft Intune is the most comprehensive unified endpoint management platform to manage and secure this proliferation of endpoints in your organization. We are excited to share a licensing update today that further lowers your total cost of ownership (TCO).
 
Microsoft Intune is pleased to announce a new device-only subscription service that helps organizations manage devices that are not affiliated with specific users. The Intune device SKU is licensed per device per month. 
 
It is worth noting that device-based subscription does not allow you to take advantage of any user-based security and management features, including but not limited to email and calendaring, conditional access, and app protection policies. Device SKU also cannot be used for shared device scenarios where the device is managed through the user(s) on the device. Shared devices that are not affiliated with any user identity can leverage this license, for example, certain Android Enterprise purpose-build devices and kiosks as well as Windows kiosks. This license may provide compelling value for devices using enrollment methods such as Windows Autopilot self-deploying mode, Apple Business Manager or Google zero touch enrolment, where the devices are not associated with a user and no user targeted features are required, such as user-based enrollment, Intune Company Portal, conditional access, and such. 
 
For more information, please contact your Microsoft representative and review the Microsoft Licensing Terms
 
(Updated 12/20 to clarify the self-deploying use-case for Windows Autopilot)
39 Comments
Brass Contributor

How can the Intune for Devices licenses be purchased through the Office/Microsoft 365 admin portal?

Brass Contributor

Is it possible to describe the prerequisites for these subscription model? 

Deleted
Not applicable
Brass Contributor

So this license can be used to for a self deploying autopilot Kiosk? I am in a project where we want to build a public use multi app Kiosk and self deploy with autopilot. 

Brass Contributor

Please make the auto MDM enrollment from AAD P1 a part of this license - so we can use Autopilot to provision KIOSK devices.

 

Copper Contributor

Link in article does not work anymore. Was content moved or did MSFT have second thoughts on the topic?

Microsoft

Hi Daniel, both links seem to be working fine within the article. Which one did you mean?

Copper Contributor

Hi Mayunk, thanks for following up. It's the link at the end of your article: https://www.microsoft.com/en-us/licensing/product-licensing/products. I believe the embedded URL contains a trailing space which leads to an 404 error.

Microsoft

Hi @Daniel Sidler thanks for calling out. I've fixed it now. Let me know if it is still broken

Brass Contributor

I have built and deployed self deploying autopilot kiosks without a device license assigned - is this expected   ?

Copper Contributor

Hi, we orderes the following license: "Microsoft Intune Device". Further we assigned that license as the only license to a new user. Now we want to register a brand new HP Elitebook with Win 10 Pro on it with that new user. Eventually it leaves us with the Error-No. 0x80180003 (Server error, please try again). According to the Microsoft-Docs, this Error-No implies, that this user may have exceeded the allowed amount of devices to be registered (wo do not have any registered devices in intune/AzureAD yet). Also Microsoft says, that you will have to have Win 10 Pro as your OS, which we have (Win 10 Pro 1809).

 

We really dont know, how to move on from that point. We have to register and manage 30+ Win 10 Pro devices. And we are not willing to buy Hard-/Software and Licensing for a on-premise-DC.

 

Thank you so much.

kind regards,

Dominik

Copper Contributor
Hey @dmnksgrs, which of the enrollment methods (https://docs.microsoft.com/en-us/intune/device-enrollment) did you use?
Copper Contributor

Hello, how it is possible to license Windows 10 Enterprise tablets as kiosk devices without assigned users with collaboration of Intune and Microsoft Defender ATP?

Copper Contributor

Hi Mayunk, I am deploying a self-deploying Autopilot profile to multiple shared PC's with Windows 10. The enrolment should be zero touch and while it does automate part of the setup steps it unfortunately still prompts for privacy settings during the OOBE. In this situation, could the issue relate to the devices not having device based Intune licenses assigned ?  I have read elsewhere that despite a device based license being a pre-requisite it doesn't stop Autopilot and OOBE from functioning the way it should. Are you able to confirm either way please.

Microsoft

Hi Andy, this is not related to device-based licensing. Per my understanding, Windows Autopilot should always suppress the privacy page in OOBE.  If this isn’t happening, please open a support case. 

Copper Contributor

How can I check that status of device-based licensing within a tenant? Is it possible to see how many licenses have already been procured and used? The documentation on this point seems to be pretty cryptic thus far...

Copper Contributor

Hi Mayunk,

Apologies if this has been answered elsewhere but how/where do I buy Intune Device licenses from?

Iron Contributor

Hi.

 

I actually have a significant issue with this. I've been looking at using self-deploying as it fits our business model better than bulk or others as they do not work with auto-pilot. 

 

The automatic $2 a month charge, when we have a significant number of M365 E5 licensing is extremely problematic, and is making me consider dropping Intune as our MDM provider.

Microsoft

Hi @Lynn Towle 

 

Thanks for being an Intune customer and for sharing your feedback. 

 
To clarify, if you already have sufficient M365 E5 or EMS/Intune user licenses to cover all your self-deploying devices, you may not need additional device-only SKU. This device license is useful when customers have, say, 100 kiosks that are not going to be associated with users but they only want to manage the device itself from Intune. If these kiosks will not have user-identity or apps such as Office 365 on them, some customers may save costs by choosing device-only subscription for these 100 kiosks instead of extending their full M365/ EMS. As mentioned above, if you do have user-association (i.e. AAD users login/ logout) on the devices, even if they are shared, then you still require the M365 or EMS/Intune licenses. 
 
Hope this helps. Please feel free to contact your account representative if you have more questions, and we'll be happy to address them.   
 
regards
Mayunk
Microsoft

@Mayunk Jain, thank you for the additional clarification!    

Deleted
Not applicable

@Mayunk Jain 

 

Can you clarify how Azure AD P1 licenses come into play here?

 

If there are 5 Azure AD users, but 25 Kiosk devices would this license count be accurate?

  • 5x Azure AD P1 licenses
  • 5 Intune user licenses
  • 25 Intune device-only licenses
Microsoft

Hi @Deleted 

 

It is recommended that you work with your account team to confirm licensing, since they will have most complete understanding of your situation. See my response above w.r.t scenario where additional device-only licenses may be needed. Based on your information, 25 device-only licenses are sufficient to deploy 25 kiosks and your existing AADP1 licenses cover the use of Windows Autopilot self-deploying mode as well. 

Copper Contributor

Hi @Mayunk Jain 

 

A customer (non-profit org) is needing Intune device-only subscription.

I have found the license on my CSP platform but :

 

- Does the SKU exists for non-profit organizations ?
I only found the license for commercial organizations.

 

- How can the device-only subscription is affected to the devices ?
I cannot find where to get a list of licensed and unlicensed devices to view the status of them.

 

Regards,

 

Olivier

Copper Contributor

Hi @Mayunk Jain 

 

I have two questions:

 

Q1:

If you have Enterprise Mobility + Security Licenses, then do you need to purchase Intune Device Based licenses when you want to use Kiosk mode with Automatic Logon? 

 

I ask this because I have scenario where I'm unable to use Autopilot Self-Deploying mode (due to lack off TPM 2.0). So I'd need to first sign into the device using an Azure AD user that has an Intune license. After a while the device will receive the Kiosk Device Configuration Policy, then it will reboot and automatically sign on using the local Kiosk account.   So in this scenario, would a user-based license be sufficient?

 

Q2:

If you're using Autopilot Self-Deploying mode to deploy Kiosks, and you only have User-based licenses (like EMS E3, Microsoft 365 E3, etc.), then how do you assign those licenses to those devices? Or is it sufficient to just have them in possession. And if it is sufficient, does that mean that you need to make sure that you "reserve" an activation for that device? For instance: you have one user who has licensed 4 Windows devices, and has 1 license left for a Kiosk device, then that person must make sure not to use the remaining license on another pc, correct?

 

Thanks in advance.

 

 

Sincerely,

Tommy

Iron Contributor

How does this compare with using a Device Enrollment Management account?

Copper Contributor

I have a few devices configured using the Kiosk mode, However, my licenses are still not being used.

Copper Contributor

I'm working with a Cell company.  They want to sell a management skw with each device they sell to their subscribers.  I would be the CSP assigning the licenses.  Can I use the $2 skw for device management knowing they wont have a user enrolled into ad or anything like that?  Seems like some basic tasks could accomplished. 

Copper Contributor


We are deploying dedicated devices (android tablets) for surveys purposes. We initially bought about 10 Intune per device licenses. So far we have enrolled 20 devices or more but the "consumed units" under Azure license blade is not updating. We opened a ticket with Microsoft support and we keep on being told that licenses should be assigned to users when this obviously is contradictory according to the nature of the enrolment ("manage devices that are not affiliated with specific users").

We are all concerned that we'd end up with an unexpected ad unpredictable bill rather than breaking licensing agreements without knowing.

How do we keep tight governance in place @Mayunk Jain ?

Cheers,

 

 

Brass Contributor

Hi, just a question for anyone who is using this self-deploying mode -- what OS version are your devices running, and how do you get them into your tenant's list of AutoPilot devices to begin with?

Copper Contributor

We are developing new Kiosk profile leveraging Intune configuration profile: Kiosk. At this moment we cannot fully automate the Kiosk setup (using for example a freshly download Windows 10 ISO 20H2 from Microsoft) because at startup it will prompt us for user credentials. while we have already upload hardware hashes to Intune/AzureAD. Maybe this automation is not possible? without customizing the (clean) image.

 

So the Intune device based licensing sounds like something we want to have. But where to find more information how to setup? Again, we do not want to provide a user account (with appropriate license), that should be possible with device-only subscription you have introduced?

Copper Contributor

Is it the expected behavior that when a device is enrolled with user affinity with both user based and device based configuration policies that if another users logs onto to that device and is not the primary user or a unlicensed user, the configuration policies will be removed. For example the wifi device configuration policy will no longer be applied ? I am looking for clarity on this behavior. Is it by design. Can only the primary user or maybe even a secondary licensed user (User license) log onto the device and still expect the device policies to remain intact ? Any insights would be appreciated ...

Copper Contributor

I work in Education and we have a similar issue with Intune licensing that we once had with M365 Apps licensing. M365 Apps solved that issue by offering free device licenses to EES/Campus licensed organisations. These device licenses make the Apps licensed to the device itself and not an individual user.

 

We have an issue, which admittedly will be relatively rare elsewhere, where we still have a few thousand users who are not yet on Active Directory. Their computers are joined to the domain but they do not use AD accounts of any kind. Therefore, we have circumstances where a licensed user may not logon to these computers. Without that, they never enrol in Intune. This is a significant compromise to our management as we are trying to focus on Intune as being the primary managing system. Our security configuration depends on Intune. Intune being tied to a licensed user is a real Achilles' Heel in this scenario. We could do with device licensing like that available for M365 Apps, so that we can manage all of our devices without requiring an AD logon to occur. Why has this been dealt with for M365 Apps but not Intune? Perhaps their implementation could be used as a template.

 

We have around 120 schools to look after and only a small IT team looking after them. We had hoped that each device would be logged onto at least once by the IT team but with the pandemic and other circumstances, that hasn't happened.

 

We do intend to solve the lack of AD accounts but that project has been having some implementation difficulties that have led to delay after delay.

 

I doubt we're the only Education customer that would really benefit from the ability to license Intune on a device basis to negate the requirement for a licensed user. The ESS/Campus model does not count devices and thus it shouldn't be a threat to Microsoft's profits.

Copper Contributor

@Mayunk Jain If we do not have EMS license and purchased Intune Device license then how we can assign that license for Android Dedicated device enrollment where no user account is there and how Android device is enrolling as Dedicated enrollment without assigning license (as no entry exist in Azure or in Intune for now)?

 

It will be helpful if this can be answered and big challenge/surprise is that we all are able to enroll Android devices and iOS devices as without user affinity and without assigning any Intune device based license (as license can only be assigned if we will get entry of device in Intune or Azure)

 

Is Microsoft providing smooth/free enrollments for Dedicated Android and iOS devices without any cost of Intune Device/User based license?

Copper Contributor

Hi,

 

We bought the Microsoft Intune Device licenses but didn't have Azure Premium AD, we are on Office 365 and Azure Active Directory.

I tried connecting a user's account with the license of Intune but I don't see any difference.

 

I mean I can see my devices on Azure Active Directory under "Azure AD registered" but when I go to Microsoft Endpoint Manager, I don't see any devices. 

Why? Any help would be appreciated.

Brass Contributor

Hi @Mayunk Jain


@Mayunk Jain wrote:
To clarify, if you already have sufficient M365 E5 or EMS/Intune user licenses to cover all your self-deploying devices, you may not need additional device-only SKU.

Is this statement still true? I can't find any mention of it in the Intune per-device license documentation:
Device only licenses - learn.microsoft.com 




Iron Contributor

@MatAitAzzouzene @Mayunk Jain 

Same question here.

 

We have A5 licenses for all our users Education.
We need to have Android Kiosk Mode tablets, do we need device-license even if all our users are licensed already?
To use the KIOSK device the user needs to sign in to their session with the domain account. The user has a Intune license but no device license.

Brass Contributor

This is really not clear which license to be used for kiosk device on Windows OS. Nobody is able to give clear picture on this. there is lot of confusion about this when I raise support ticket they were not able to understand and give me the solution on this. my experience is very bad so far and I am trying to get the right info for this to setup multi app kiosk devices with Intune no luck since last 2 weeks I am struggling on this. 

Iron Contributor

@VinodS2020 My other post was deleted where i reference Microsoft own terms.

If the user using the device is licensed then you dont need a device licenses as you are covered by the license on the user.

 

If you have users using the device that is not licensed, then you need a device license

Brass Contributor

@JimmyWork 

Thanks for reply. In our case we are going to place these kiosk devices in office premises for external users so they wont have licenses in our tenant but we need to get license for device and need to assign it so we can create multi app kiosk device with different apps like Excel, PowerPoint, and other office apps as per requirements. 

 

So the question is which license we need to get and where to get it and how to setup multi app kiosk device?

Version history
Last update:
‎Apr 02 2020 08:19 AM
Updated by: