This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 9%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECY%3C/text%3E%3C/svg%3E)
My Windows 10 Devices are all Hybrid Azure Domain Joined.
However I am unable to click on the option Change primary user as the button is greyed out.
Can anyone advise why this is the case please?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 34%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
@Chris Yue - I was having the same issue. The device was Azure AD joined and I when I checked my InTune permissions, it showed, "You are an administrator with full permissions to all Intune resources." I put in a ticket in with MS and we found the issue.
The main issue was the MDM User Scope found under Devices | enroll devices | auto enrollment - it was set to none and needed to be set to all. After this, the primary user could be changed with any newly enrolled device. Also, company portal is only really needed if you want your users to see software available to them without installing it - it is not required to join the device.
Thanks for all the responses everyone.
For Hybrid Joined devices, I was able to change the Primary user account so long as enrolment was triggered via MDM autoenrollment via Group Policy,
Since COVID and with an increasing number of users spending more time WFH, I have changed our laptop builds to AADJ via Autopilot which makes lifer much more easier.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 49%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWP%3C/text%3E%3C/svg%3E)
I came here to document a potential fix for other users with the same problem. We had the same problem with "Change Primary User" grayed out in Intune. I noticed the issue was due to having local user accounts on an Azure AD-connected PC. After I remove the local account, I can change the primary user in Intune. You can delete user accounts by following these steps:
IMPORTANT: Deleting a user account deletes all associated data with the account. You should only do this if you are sure you no longer need the local user account, as this action cannot be undone.
1.) Type "Computer Management" in the Windows search bar and open the app.
2.) Go to the following menu: Computer Management (local) > System Tools > Local Users and Groups > Users
3.) Right-click the user(s) you would like to delete.
Note: Not all users listed are local user accounts. For example, Administrator, Default Account, and WDAGUtilityAccount, are built-in Windows accounts and do not need to be deleted. Only delete user accounts you are 100% positive you no longer need. This action cannot be undone.
4.) Select "Delete" and confirm.
5.) Restart the computer and check Intune.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Basically, it's allowed to change primary user when the device is Azure AD joined or Hybrid Azure AD joined.
Please check the roles of the Intune admin, and make sure it has been granted the sufficient permissions. Please click the following link for more details about Intune roles.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control
Plus, please sign in to the Azure AD portal, choose Azure Active Directory - Devices - All devices, search for the device name, and check if there is device item, which has Azure AD registered join type. If so, you may can't change the primary user for this device.
Update
=======
To my knowledge, there are two reasons that the primary user can not be modified.
intune-shared-deviceenrollmenttype
Besides, the following blog article introduces the feature about changing primary user in more details.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 85%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDL%3C/text%3E%3C/svg%3E)
I'm having the same issue as OP. When I check Devices as you suggest, join type for my test devices is Hybrid Azure AD Join. Does this mean I won't be able to change the primary user? If that's the case, will we need to give each user local admin rights so they can join their machines themselves, and then revoke that right?
I updated the previous answer.