Share via

"Detailed explanation of how device-based licenses function for Intune when using a dedicated Entra instance

Montoya, Mabelle 160 Reputation points
2025-11-28T20:23:11.8966667+00:00

I would like to request clarification on the following points regarding Microsoft Entra dedicated device mode and licensing:

  1. Licensing Requirements
  • When we use dedicated Entra mode, are we consuming a device license or a user license?
  • For users who log into these dedicated devices:
 *   Do they require an Intune license to access the device and Microsoft apps?

 *   Or would a license such as Microsoft 365 Business Basic be sufficient for app access?
  1. Device License Usage Reporting
  • We noticed that the device license usage does not change when we enroll dedicated devices.

Example: We have 5 device licenses, enrolled 4 devices, but the usage still shows 0 used out of 5.

  • Is this behavior by design?
  • If usage is not tracked, what happens if we exceed the purchased device license count? Will devices fail to activate Microsoft 365 Apps or switch to read-only mode?

We have 4 Android tablets at each branch location, and around 4 users can use any of the tablets at a given time.

These devices will be enrolled in Microsoft Entra shared mode, managed by Intune, and multiple users will sign in and out to use Office apps and other apps (e.g., Instagram). Questions:

  1. In this shared device scenario, if all users are assigned Microsoft 365 Business Premium, do we still need a separate device license for the tablets?
  2. If we purchase Microsoft Intune Plan 1 Device license, will assigning Microsoft 365 Business Standard or sometihing equivalent to users be sufficient? Or do we need to purchase Microsoft 365 Apps device-based license and assign it to the device?

Additionally:

  • We have dedicated rugged phones (Ulefone) that do not use Office apps. Will Microsoft Intune Plan 1 Device license be enough for managing these devices in Intune?
  • If yes, do we need to assign the license to the device via a group by going to Billing > licenses >..., or will it be automatically assigned and tracked?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

Answer accepted by question author

  1. Anonymous
    2025-12-01T08:57:25.8466667+00:00

    Hello Montoya, Mabelle,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I will try to clarify your doubts one by one.

    1.Do they require an Intune license to access the device and Microsoft apps? Or would a license such as Microsoft 365 Business Basic be sufficient for app access?

    When using Microsoft Entra dedicated device mode (Android Enterprise dedicated/shared device mode), you consume an Intune Plan 1 Device license per enrolled device for management, not a user license.​ Users signing into these dedicated devices do NOT require their own Intune license just to access the device and Microsoft apps, the device's Intune Plan 1 Device license covers management for all users on that shared/dedicated device.​

    Microsoft 365 Business Basic is NOT sufficient for full app access because:

    • Business Basic does not include Intune (no MDM capabilities)
    • Business Basic does not include desktop Office apps (only web/mobile limited versions)
    • For Office app access on shared devices, users need either: Their own M365 Business Premium/Standard (includes Intune + full Office), OR Device assigned Microsoft 365 Apps device-based license

    Do refer below docs for better understanding:

    https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/licenses

    https://learn.microsoft.com/en-us/answers/questions/1387877/microsoft-intune-plan-1-device-vs-microsoft-intune

    2.Is this behavior by design? If usage is not tracked, what happens if we exceed the purchased device license count? Will devices fail to activate Microsoft 365 Apps or switch to read-only mode?

    Yes. Device license usage for Intune Plan 1 (Device) or Microsoft 365 Apps (Device) is not actively tracked in the admin center the way user licenses are. The license count shown in Billing is informational and does not decrement automatically when devices are enrolled. This is by design for device-based licensing

    Microsoft does not enforce hard blocking when you exceed the purchased device license count. There is no automatic failure or lockout for Intune device licenses. Compliance is based on your agreement terms, and Microsoft expects organizations to stay within licensing terms.

    For Microsoft 365 Apps device-based licenses:

    • If a device is not assigned a valid device license (via Microsoft Entra group), Office apps will enter Reduced Functionality Mode (read-only). Users can open and print documents but cannot edit or create new ones.
    • Proper assignment is required for activation. If the device is licensed, anyone signing in can use Office normally.

    Reference: https://learn.microsoft.com/en-us/troubleshoot/microsoft-365-apps/activation/device-based-licensing

    https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/licenses-assign

    https://learn.microsoft.com/en-us/microsoft-365-apps/licensing-activation/device-based-licensing

    3.(a)If all users are assigned Microsoft 365 Business Premium, do we still need a separate device license for the tablets?

    Yes, you still need to purchase the separate Microsoft Intune Plan 1 Device license for the tablets.

    • Intune Management: The Android Enterprise Dedicated Device enrollment method is designed for devices without a primary user (userless/shared scenarios). This means the management rights must be covered by the Intune Plan 1 Device license, which is intended for kiosks and shared devices. The Intune Plan 1 (user) license included in Business Premium does not cover this specific device enrollment type.
    • Office Apps: The user's M365 Business Premium license does cover the right to sign in and use the Office apps (Word, Excel, etc.) on the shared device.

    3.(b) If we purchase Microsoft Intune Plan 1 Device license, will assigning Microsoft 365 Business Standard (or similar) to users be sufficient? Or do we need to purchase Microsoft 365 Apps device-based license?

    This combination is sufficient and is often the most cost-effective and compliant model.

    • Management: The Intune Plan 1 Device license covers the device's management in Intune.
    • Office Apps: Assigning Microsoft 365 Business Standard (or Premium) to the users covers the user's right to sign into the Office apps on the shared tablet. Because all users are licensed for M365 Apps, you do not need the separate Microsoft 365 Apps device-based license.

    The Microsoft 365 Apps device-based license is only necessary if some of your users accessing the shared tablets do not have an M365 license that includes the Office apps (e.g., they only have Entra ID Free or Exchange Online).

    4.(a)We have dedicated rugged phones (Ulefone) that do not use Office apps. Will Microsoft Intune Plan 1 Device license be enough for managing these devices in Intune?

    Yes, the Microsoft Intune Plan 1 Device license is exactly the right license for this scenario.

    Reasoning:The Intune Plan 1 Device license is specifically designed for devices that:

    • Are company-owned and dedicated to a specific task.
    • Do not have a primary, dedicated user (or use a shared/generic login).
    • Do not require user-centric features like email, calendar, or user-based Conditional Access.
    • Do not use Microsoft 365 Apps (Office).

    Since your rugged Ulefone devices meet all these criteria (they are dedicated, rugged phones that do not use Office apps), the Device license is the most compliant and cost-effective way to manage them for MDM, compliance policies, and app deployment (for non-Office apps like Instagram).

    Reference: https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/licenses

    (b)If yes, do we need to assign the license to the device via a group by going to Billing > licenses >..., or will it be automatically assigned and tracked?

    No, you do not assign the Intune Plan 1 Device license to the device or a group in the Admin Center.

    Reasoning: The Intune Plan 1 Device license is treated as a tenant-wide entitlement.

    • Assignment: You purchase the licenses, but you do not manually assign them to users or devices in the Microsoft 365 Admin Center. The license count shown in the Billing section acts as a pool of available management rights.
    • Tracking: When you successfully enroll a rugged phone using a device-centric method (like Android Enterprise Dedicated Mode), Intune consumes a right from this pool. However, this consumption is typically not reflected in the standard license usage reports, which primarily focus on user licenses. You must manually track your enrolled dedicated devices against the number of device licenses you purchased to maintain license compliance.

    Reference: https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/licenses-assign

    Hope this helps! If it answered your question, please consider clicking Accept Answer and Upvote. This will help us and others in the community as well.

    If you need more info, feel free to ask in the comments. Happy to help!

    Regards,

    Monalisha

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Montoya, Mabelle 160 Reputation points
    2025-12-01T14:07:12.47+00:00

    Just to clarify, the devices in question are Android tablets. Regarding your cost-effective suggestion of assigning Microsoft 365 Business Premium to each user, what type of Intune enrollment would you recommend for this scenario?

    Our concern is that using Corporate-owned, fully managed user devices will lock the device to a single user. If another user logs in, they would either gain access to the previously activated account or need to remove it and activate with their own account, which could cause operational issues. Most users primarily use Outlook and Microsoft Teams on these tablets. We want to ensure smooth access for multiple users without unnecessary complexity. Additionally, if we go with Intune Plan 1 and Microsoft 365 Apps device-based license, what type of enrollment should we use, given that any of the 4 users can log in to any of the 4 Android tablets? Could you advise on the best approach for this use case? And Could we schedule a call on Monday as we are in process of migrating MDM to Intune and run out of time as our contract with the other MDM is expiring soon and will need to decide on the enrolment and licensing?

    0 comments
  2. Montoya, Mabelle 160 Reputation points
    2025-11-28T21:34:31.3866667+00:00
    1. For shared Entra mode, will the combination of Microsoft Intune Plan 1 (device license) and Microsoft 365 Business Standard (user license) work for users who need access to Microsoft 365 apps on these shared devices?
    2. In the first scenario: * Each branch office has 4 tablets and 4 users. * Any of the 4 users can use any of the 4 tablets. * All users need access to Microsoft 365 apps. What would be the most cost-effective licensing option for this setup? (it doesn't has to be Entra shared mode)
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.