question

ChrisYue-8632 avatar image
1 Vote"
ChrisYue-8632 asked ChrisYue-8632 answered

Intune Question - Change Primary User - Greyed out.



My Windows 10 Devices are all Hybrid Azure Domain Joined.

However I am unable to click on the option Change primary user as the button is greyed out.

Can anyone advise why this is the case please?

mem-intune-device-configurations
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyLiu-MSFT avatar image
0 Votes"
AndyLiu-MSFT answered AndyLiu-MSFT commented

Basically, it's allowed to change primary user when the device is Azure AD joined or Hybrid Azure AD joined.

Please check the roles of the Intune admin, and make sure it has been granted the sufficient permissions. Please click the following link for more details about Intune roles.

https://docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control

Plus, please sign in to the Azure AD portal, choose Azure Active Directory - Devices - All devices, search for the device name, and check if there is device item, which has Azure AD registered join type. If so, you may can't change the primary user for this device.

Update
=======

To my knowledge, there are two reasons that the primary user can not be modified.

  1. The user account access the MEM admin center, doesn't have the permissions, such as "Managed devices/Set primary user "permission.

  2. The device needs to be a Azure AD Joined or Hybrid Azure AD Joined device. To verify it, you can check the enrollment type in Intune on the device by using graph explorer or PowerShell and looking at the managedevices/deviceEnrollmentType value. The Enrollment type would need to be one of the supported values: (WindowsCoManagement, WindowsBulkUserless, WindowsAzureDomainJoined). Please click the following link for more info about enrollment type.

intune-shared-deviceenrollmenttype

Besides, the following blog article introduces the feature about changing primary user in more details.

https://techcommunity.microsoft.com/t5/intune-customer-success/change-the-intune-primary-user-public-preview-now-available/ba-p/1221264/page/2#comments


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm having the same issue as OP. When I check Devices as you suggest, join type for my test devices is Hybrid Azure AD Join. Does this mean I won't be able to change the primary user? If that's the case, will we need to give each user local admin rights so they can join their machines themselves, and then revoke that right?

0 Votes 0 ·

I updated the previous answer.

0 Votes 0 ·
DerekGillespie-4348 avatar image
0 Votes"
DerekGillespie-4348 answered DerekGillespie-4348 edited

@ChrisYue-8632 - I was having the same issue. The device was Azure AD joined and I when I checked my InTune permissions, it showed, "You are an administrator with full permissions to all Intune resources." I put in a ticket in with MS and we found the issue.

The main issue was the MDM User Scope found under Devices | enroll devices | auto enrollment - it was set to none and needed to be set to all. After this, the primary user could be changed with any newly enrolled device. Also, company portal is only really needed if you want your users to see software available to them without installing it - it is not required to join the device.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ChrisYue-8632 avatar image
0 Votes"
ChrisYue-8632 answered

Thanks for all the responses everyone.

For Hybrid Joined devices, I was able to change the Primary user account so long as enrolment was triggered via MDM autoenrollment via Group Policy,

Since COVID and with an increasing number of users spending more time WFH, I have changed our laptop builds to AADJ via Autopilot which makes lifer much more easier.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.