Intune Question - Change Primary User - Greyed out.

Chris Yue 11 Reputation points
2020-08-28T11:19:41.017+00:00

My Windows 10 Devices are all Hybrid Azure Domain Joined.

However I am unable to click on the option Change primary user as the button is greyed out.

Can anyone advise why this is the case please?


4 answers

  1. Derek Gillespie 6 Reputation points
    2021-08-17T22:33:57.497+00:00

    @Chris Yue - I was having the same issue. The device was Azure AD joined and when I checked my Intune permissions, it showed, "You are an administrator with full permissions to all Intune resources." I put a ticket in with MS and we found the issue.

    The main issue was the MDM User Scope found under Devices | enroll devices | auto enrollment - it was set to none and needed to be set to all. After this, the primary user could be changed with any newly enrolled device. Also, company portal is only really needed if you want your users to see software available to them without installing it - it is not required to join the device.

    1 person found this answer helpful.

  2. Chris Yue 11 Reputation points
    2021-08-18T07:29:08.437+00:00

    Thanks for all the responses everyone.

    For Hybrid Joined devices, I was able to change the Primary user account so long as enrolment was triggered via MDM autoenrollment via Group Policy.

    Since COVID and with an increasing number of users spending more time WFH, I have changed our laptop builds to AADJ via Autopilot, which makes life much easier.

    1 person found this answer helpful.

  3. wade-pro 5 Reputation points
    2023-04-25T17:01:55.8333333+00:00

    I came here to document a potential fix for other users with the same problem. We had the same problem with "Change Primary User" grayed out in Intune. I noticed the issue was due to having local user accounts on an Azure AD-connected PC. After I remove the local account, I can change the primary user in Intune. You can delete user accounts by following these steps:

    IMPORTANT: Deleting a user account deletes all associated data with the account. You should only do this if you are sure you no longer need the local user account, as this action cannot be undone.

    1.) Type "Computer Management" in the Windows search bar and open the app.

    2.) Go to the following menu: Computer Management (local) > System Tools > Local Users and Groups > Users

    3.) Right-click the user(s) you would like to delete.

    Note: Not all users listed are local user accounts. For example, Administrator, Default Account, and WDAGUtilityAccount, are built-in Windows accounts and do not need to be deleted. Only delete user accounts you are 100% positive you no longer need. This action cannot be undone.

    4.) Select "Delete" and confirm.

    5.) Restart the computer and check Intune.

    1 person found this answer helpful.

  4. AndyLiu-MSFT 576 Reputation points
    2020-08-31T01:24:50.467+00:00

    Basically, it's allowed to change primary user when the device is Azure AD joined or Hybrid Azure AD joined.

    Please check the roles of the Intune admin, and make sure it has been granted the sufficient permissions. Please click the following link for more details about Intune roles.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control

    Plus, please sign in to the Azure AD portal, choose Azure Active Directory - Devices - All devices, search for the device name, and check whether there is a device item that has the Azure AD registered join type. If so, you may not be able to change the primary user for this device.

    Update
    =======

    To my knowledge, there are two reasons that the primary user can not be modified.

    1. The user account accessing the MEM admin center doesn't have the permissions, such as the "Managed devices/Set primary user" permission.
    2. The device needs to be an Azure AD Joined or Hybrid Azure AD Joined device. To verify it, you can check the enrollment type in Intune on the device by using Graph Explorer or PowerShell and looking at the managedevices/deviceEnrollmentType value. The enrollment type would need to be one of the supported values: (WindowsCoManagement, WindowsBulkUserless, WindowsAzureDomainJoined). Please click the following link for more info about enrollment type.

    intune-shared-deviceenrollmenttype

    Besides, the following blog article introduces the feature about changing primary user in more details.

    https://techcommunity.microsoft.com/t5/intune-customer-success/change-the-intune-primary-user-public-preview-now-available/ba-p/1221264/page/2#comments
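
The enrollment-type check described in the last answer can be scripted. The following is an added example, not code from the thread or from Microsoft: it reads `deviceEnrollmentType` for a named device through Microsoft Graph and compares it with the three values quoted in that answer. The function name, the device name `LAPTOP-EXAMPLE01` and the use of the Microsoft.Graph.Authentication module are assumptions.

```powershell
# Added example (not from the thread). Assumes the Microsoft.Graph.Authentication
# module is installed and the signed-in admin can read Intune managed devices.

function Get-DeviceEnrollmentTypeReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $DeviceName,

        # Names copied verbatim from the answer above. Graph may spell its values
        # differently, so the raw value is always returned next to the comparison.
        [string[]] $SupportedTypes = @(
            'WindowsCoManagement', 'WindowsBulkUserless', 'WindowsAzureDomainJoined'
        )
    )

    # Escape single quotes for the OData filter, then URL-encode the whole filter.
    $filter = "deviceName eq '{0}'" -f $DeviceName.Replace("'", "''")
    $uri = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices' +
           '?$filter=' + [uri]::EscapeDataString($filter) +
           '&$select=id,deviceName,deviceEnrollmentType,userPrincipalName'

    $response = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject

    if (-not $response.value) {
        Write-Warning "No Intune managed device named '$DeviceName' was found."
        return
    }

    # A device name can match more than one record (stale or duplicate enrollments),
    # so every match is reported separately.
    foreach ($device in $response.value) {
        [pscustomobject]@{
            DeviceName           = $device.deviceName
            ManagedDeviceId      = $device.id
            UserPrincipalName    = $device.userPrincipalName
            DeviceEnrollmentType = $device.deviceEnrollmentType
            InSupportedList      = $device.deviceEnrollmentType -in $SupportedTypes
        }
    }
}

# Read-only scope is enough for this check.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All'
Get-DeviceEnrollmentTypeReport -DeviceName 'LAPTOP-EXAMPLE01' | Format-Table -AutoSize
```

If `InSupportedList` is false, compare the raw `DeviceEnrollmentType` against the enrollment type reference before concluding the device is unsupported, and pass a corrected list through `-SupportedTypes` if the spellings differ.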