My Windows 10 Devices are all Hybrid Azure Domain Joined.
However I am unable to click on the option Change primary user as the button is greyed out.
Can anyone advise why this is the case please?
Basically, it's allowed to change primary user when the device is Azure AD joined or Hybrid Azure AD joined.
Please check the roles of the Intune admin, and make sure it has been granted sufficient permissions. Please click the following link for more details about Intune roles.
https://docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control
Plus, please sign in to the Azure AD portal, choose Azure Active Directory - Devices - All devices, search for the device name, and check if there is a device item that has the Azure AD registered join type. If so, you may not be able to change the primary user for this device.
Update
=======
To my knowledge, there are two reasons that the primary user cannot be modified.
The user account accessing the MEM admin center doesn't have the permissions, such as the "Managed devices/Set primary user" permission.
The device needs to be an Azure AD Joined or Hybrid Azure AD Joined device. To verify it, you can check the enrollment type in Intune on the device by using Graph Explorer or PowerShell and looking at the managedDevices/deviceEnrollmentType value. The enrollment type would need to be one of the supported values: (WindowsCoManagement, WindowsBulkUserless, WindowsAzureDomainJoined). Please click the following link for more info about enrollment type.
intune-shared-deviceenrollmenttype
Besides, the following blog article introduces the feature about changing primary user in more detail.
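The two device-side checks from the answer above (join type of the directory object, and the Intune enrollment type) can be read in one pass with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original answer; the `$DeviceName` parameter is hypothetical, and the script assumes the SDK is installed and the signed-in account can consent to the two read-only scopes shown.

```powershell
# Added example: read-only checks for the device conditions described above.
# Assumes the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
param(
    [Parameter(Mandatory)]
    [string]$DeviceName   # hypothetical parameter: host name of the device to check
)

# Least privilege: read-only delegated scopes, nothing here changes the tenant.
Connect-MgGraph -Scopes 'Device.Read.All', 'DeviceManagementManagedDevices.Read.All'

# Escape single quotes so the name cannot break out of the OData filter string.
$safe = $DeviceName.Replace("'", "''")

# trustType values stored on the directory device object and their portal names.
$joinTypes = @{
    'Workplace' = 'Azure AD registered'
    'AzureAd'   = 'Azure AD joined'
    'ServerAd'  = 'Hybrid Azure AD joined'
}

# 1. Directory side: every device object carrying this name, with its join type.
$aadDevices = @(Get-MgDevice -Filter "displayName eq '$safe'" -All)
$aadDevices | ForEach-Object {
    [pscustomobject]@{
        DisplayName = $_.DisplayName
        DeviceId    = $_.DeviceId
        JoinType    = $joinTypes[[string]$_.TrustType]
        TrustType   = $_.TrustType
    }
} | Format-Table -AutoSize

# Flag the case called out above: an Azure AD registered object for this name.
if ($aadDevices | Where-Object TrustType -eq 'Workplace') {
    Write-Warning "'$DeviceName' has an Azure AD registered device object."
}

# 2. Intune side: raw enrollment type and current primary user of the managed device.
Get-MgDeviceManagementManagedDevice -Filter "deviceName eq '$safe'" -All |
    Select-Object DeviceName, DeviceEnrollmentType, UserPrincipalName, AzureAdDeviceId |
    Format-Table -AutoSize
```

The script prints the raw `DeviceEnrollmentType` rather than judging it, so the value can be compared with the enrollment type documentation linked above.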
I'm having the same issue as OP. When I check Devices as you suggest, join type for my test devices is Hybrid Azure AD Join. Does this mean I won't be able to change the primary user? If that's the case, will we need to give each user local admin rights so they can join their machines themselves, and then revoke that right?
@ChrisYue-8632 - I was having the same issue. The device was Azure AD joined and when I checked my Intune permissions, it showed, "You are an administrator with full permissions to all Intune resources." I put a ticket in with MS and we found the issue.
The main issue was the MDM User Scope found under Devices | enroll devices | auto enrollment - it was set to none and needed to be set to all. After this, the primary user could be changed with any newly enrolled device. Also, company portal is only really needed if you want your users to see software available to them without installing it - it is not required to join the device.
Thanks for all the responses everyone.
For Hybrid Joined devices, I was able to change the Primary user account so long as enrolment was triggered via MDM autoenrollment via Group Policy.
Since COVID and with an increasing number of users spending more time WFH, I have changed our laptop builds to AADJ via Autopilot, which makes life much easier.