Find the primary user of an Intune device
Primary User, also known as User Device Affinity, is a property of each Intune device. An Intune device can have zero or one primary user assigned to it. When there's no Primary User assigned, the device is referred to as a "Shared Device".
How to find a device's primary user
- Sign in to the Microsoft Endpoint Manager Admin Center.
- Choose Devices > choose a device.
- On the Overview page, choose See more and you'll see the primary user listed.
What is the primary user?
The primary user property is used to map a licensed Intune user to their devices in:
- The Company Portal app
- End-user website
- IT pro experiences, like troubleshooting pages in the Azure portal. These pages map user accounts to devices by using the primary user.
Company Portal app
The Company Portal app expects that the user account that signed in to the Company Portal is the primary user of that device. If another user has been assigned as the primary user, the Company Portal shows a warning:
“This device is already assigned to someone in your organization. Contact company support about becoming the primary device user. You can continue to use Company Portal but functionality will be limited.”
If an Intune device has no primary user assigned, then the Company Portal app detects it as a shared device. Shared devices are visually identifiable with a “shared” label appearing on the device tile. In this mode, the Company Portal can still be used to request and install available apps. However, self-service actions (reset/rename/retire) aren't available.
To appear in the Company Portal on shared devices, available apps must be assigned to a user group. They'll be installed in the system context or user context, depending on how the app was configured by the IT administrator. For more information about app context, see Installing apps on Windows 10 devices. Company Portal version 10.3.4651.0 or later is required to use this feature.
Who is assigned as the primary user?
Intune automatically adds primary user to devices during or soon after enrollment. The enrollment method determines when the primary user is added to a device.
|Platform||Enrollment method||Primary user assigned||Primary user is assigned|
|Windows||Add work or school (user driven)||Enrolling user||During enrollment|
|Windows||Modern App sign-in (user driven)||Enrolling user||During enrollment|
|Windows||Enroll in MDM only (user driven)||Enrolling user||During enrollment|
|Windows||Azure AD join (out of box experience)||Enrolling user||During enrollment|
|Windows||Azure AD join (Autopilot out of box experience)||Enrolling user||During enrollment|
|Windows||Enroll in MDM only||Enrolling user||During enrollment|
|Windows||Hybrid AADJ + automatic enrollment GPO||First user to sign in to Windows||When first user signs in to Windows|
|Windows||Co-management||First user to sign in to Windows||When first user signs in to Windows|
|Windows||Azure AD join (bulk enrollment token)||None||Not applicable|
|Windows||Azure AD join (Autopilot self-deploying mode)||None||Not applicable|
|Cross-platform||User driven enrollment with Company Portal App||Enrolling user||During enrollment|
|Cross-platform||Device Enrollment Manager (DEM)||Enrolling DEM user||During enrollment|
|iOS, macOS||Apple Automated Device Enrollment (DEP with User Affinity||Enrolling user||During enrollment|
|iOS, macOS||Apple Automated Device Enrollment (DEP without User Affinity)||None||Not applicable|
|Android||Android Corporate-Owned, Dedicated devices||None||Not applicable|
Primary user and Azure AD device owner
In some cases, the Intune primary user may be different from the Azure AD Device’s Owner property (viewable under Devices > Azure AD Devices). The Azure AD Device owner is added during a device’s registration into Azure Active Directory.