Device enrolment in Intune

Yasha Kohut 20 Reputation points
2025-04-22T13:22:15.4766667+00:00

Hello,

We have a situation with our shared devices, all of which are managed by Copilot. We are facing two scenarios:

Scenario 1:

  • An IT staff member enrolled several computers using his user account. After his account was removed, many of these shared devices became non-compliant.
    • Question: What is the best way to restore these devices to compliance without wiping them, considering the large number of devices? Would applying a provisioning package (ppkg) to each device resolve this issue? Are there any specific configurations needed for the ppkg?

Scenario 2:

  • We have devices enrolled by user X. If I add a ppkg file to these devices, which enrollment will take precedence (the original user X or the ppkg)?
  • Observation: I tested adding a ppkg file with only a name change, but the name change was not reflected in Intune; the old name persisted, and everything else remained unchanged.

Any insights or recommendations would be greatly appreciated.

Microsoft Security | Intune | Enrollment

1 answer

  1. Prathista Ilango 265 Reputation points Microsoft Employee
    2025-05-28T11:58:42.6233333+00:00

    Hello Yasha Kohut,

    Here are the answers to your queries. Hope you find them helpful.

    Scenario 1: If these are shared devices, one approach to restore compliance without wiping them is to configure the devices as shared multi-user Windows devices. This can be done by:

    • Applying the shared multi-user device configuration policy in Intune.
    • Assigning the policy to the affected devices.

    More information on this policy is available here:

    Shared or multi-user Windows device settings in Microsoft Intune | Microsoft Learn

    Note: This approach does not reassign the primary user or re-enroll the device but is useful in shared device environments where user-specific configurations are less relevant.

    Otherwise, the ideal solution would be to unenroll and re-enroll.

    Scenario 2: If a device is already enrolled in Intune by a user (e.g., user X), applying a provisioning package (.ppkg) will not override the existing enrollment unless the package includes a mechanism to:

    • Unenroll the device from Intune
    • Leave and rejoin Azure AD or trigger bulk enrollment

    Simply using a .ppkg to rename the device or apply configuration changes will not affect its enrollment status. In this case, the original user’s enrollment and associated settings will remain intact, and the new name or configurations may not reflect in Intune.

    In short: The original enrollment takes precedence, and .ppkg changes are limited unless re-enrollment is explicitly triggered.

    If you found the information above helpful, please click Yes. This will assist others in the community who encounter a similar issue, enabling them to quickly find the solution and benefit from the guidance provided.
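An added example, not part of the answer above and not Microsoft's own tooling: a read-only PowerShell check, run locally on a device, that lists the MDM enrollment records Windows holds and flags any tied to the removed account. Running it before and after applying a .ppkg shows whether the package changed the enrollment at all. The UPN is a hypothetical placeholder, and the registry value names are assumed to match what Windows 10/11 stores under the Enrollments key.

```powershell
# Added example: list the MDM enrollment records stored on this Windows device.
# Read-only; run in an elevated PowerShell session on the device itself.
function Get-MdmEnrollment {
    param(
        # Location where Windows keeps one subkey per MDM enrollment.
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Enrollments',
        # Hypothetical placeholder: UPN of the removed enrolling account.
        [string]$RemovedUpn = 'removed.admin@contoso.example'
    )

    # Directory join state as reported by dsregcmd ("AzureAdJoined : YES/NO").
    $joinMatch = dsregcmd /status | Select-String -Pattern 'AzureAdJoined\s*:\s*(\w+)'
    $joined = if ($joinMatch) { $joinMatch[0].Matches[0].Groups[1].Value } else { 'UNKNOWN' }

    Get-ChildItem -Path $Root -ErrorAction Stop | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        # Helper subkeys (Context, Status, ...) carry no ProviderID; skip them.
        # An Intune enrollment normally shows ProviderID "MS DM Server".
        if ($p.ProviderID) {
            [pscustomobject]@{
                ComputerName   = $env:COMPUTERNAME
                AzureAdJoined  = $joined
                EnrollmentId   = $_.PSChildName
                ProviderID     = $p.ProviderID
                EnrolledUpn    = $p.UPN
                EnrollmentType = $p.EnrollmentType
                TiedToRemoved  = ($p.UPN -eq $RemovedUpn)
            }
        }
    }
}

# Capture the state, apply the .ppkg, then run again and compare the two outputs.
Get-MdmEnrollment | Format-Table -AutoSize
```

If EnrollmentId and EnrolledUpn are identical in both runs, the package did not re-enroll the device, which matches the behaviour described in the answer for Scenario 2.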
