Change the primary user of a Microsoft Intune managed Windows device

When managing devices with Microsoft Intune, it’s important to define a primary user for each device. The primary user is the person who will primarily use the device, and Intune uses this information to help manage and secure the device.

Here are a few reasons why defining a primary user is important:

• User-based policies: Intune can apply policies and settings based on the user who is using the device. This allows you to provide a personalized experience for each user and enforce security policies specific to their role or department.
• Device enrollment: When a user enrolls a device in Intune, the primary user information is collected and associated with the device. This makes it easier to manage the device and troubleshoot issues if they arise.
• Reporting and analytics: Intune provides detailed reporting and analytics on device usage and compliance. By defining a primary user, you can get more accurate insights into how each device is being used and which users are most active.
• License management: If you’re using Intune to manage licenses for Office 365 or other applications, defining a primary user can help ensure that licenses are assigned to the correct user.

Overall, defining a primary user is an important step in managing and securing devices with Intune. By doing so, you can provide a better user experience, enforce security policies, and get more accurate insights into device usage.

Configuring a Primary User

When a device has been enrolled for the first time it will automatically set the next user who sings into the device as its primary user. When you need to change the primary user you have to change it in the Microsoft Intune portal. The next steps will show you how this can be done.

Firstly switch to https://endpoint.microsoft.com and select devices:

The next step is to choose the platform Windows as you currently can only change primary users from Windows devices. On mobile platforms like iOS and Android it is not possible to change the primary user. The same restriction counts for macOS devices because this devices are enrolled for the specific user whereas on Windows devices the enrollment is for the device itself.

Klick on your device to open the properties. On the device page select the „Properties“ blade:

As you can see the device is currently assigned to „MAX MUSTERMANN“ as the primary user. Directly below the currently primary user from your Azure AD you can Change or Remove the primary user. When you click on „Remove primary user“ the user will be cleared and the next user who signs into the device will become the new primary user. If you select „Change primary user“ you will see a window on the right side of your browser where all Azure AD users will be shown and you can select a new user. After you’ve changed or removed the current primary user don’t forget to klick on „Save“ to apply the changes.

Once you have changed the primary user the device will apply this configuration change on the next sync and the new user will be shown locally on the device as the primary user.