Change Enrolled by user to a different user!!!

Barzan M Hassan 6

I have a device with two different user:

Primary user is : X
Enrolled by: Y (the user is deleted)

I want to change the enrolled by user to x user in microsoft endpoint manager.

Does that possible by script or any other way to do it?

Best,
Barzan

Dan R 26 Reputation points

2022-12-01T12:14:01.667+00:00

They really need to fix this.

As an admin setting up devices, I'm always enrolling the devices using my admin account, I'm not taking a laptop out to the user, asking them to enroll the device only so I can take it back and finish configuring it before then bringing it back to them. What a stupid workflow which makes us look incompetent.

Why is there seemingly no way to remove the enrolment limit for the administrators? Why can we not change the person who has enrolled a device and why would it matter?

Yes, there are still some manual tasks that need carrying out for certain setups before a device is given to a user, it's not possible to automate every little thing all the time.

8 answers

Michael Reygers 5 Reputation points

2024-03-28T05:40:37.4366667+00:00

We'll I'm having the same issue, except for me the user that enrolled the device was configured as an enrollment manager and they have now left the company.

Now i have dozens of devices losing their mind as I am unable to edit the default device compliance policy, just turning it off, which itself is against Microsoft's own recommendations.

Not sure why the enrolling user is a requirement in that policy. Why does it matter?

So if the intention is for the primary user to also be the enrolling user why do enrollment managers even exist.

If the design Intune is to wipe the device when the user changes, why can we change the primary user?
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
Rahul Jindal [MVP] 9,146 Reputation points MVP

2022-05-02T07:14:02.657+00:00

As far as I know you cannot change the enrolled user like that. The only and correct way to do this will be through a reset of the device.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Jarvis Sun-MSFT 10,091 Reputation points Microsoft Vendor

2022-05-02T09:19:14.033+00:00

@Barzan M Hassan Thanks for posting in our Q&A.
As RahulJindal-2267 said, only re-enrolling the device is the correct way to change the enrolled by user.
However I noticed that your User Y was deleted. I wonder If the user account still have the same AAD ObjectID it had before it was restored? Maybe we can find a way to get it back, check out this support article https://learn.microsoft.com/en-US/office365/troubleshoot/active-directory/restore-deleted-user-accounts

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

https://learn.microsoft.com/en-us/answers/support/email-notifications
Please sign in to rate this answer.
Admin Eugene Meenan 0 Reputation points

2024-04-10T07:37:17.6933333+00:00

This is very pointless - why this isn't made simple astounds me as it will happen to lots of companies who have their devices just AAD and not on prem or hybrid - the scenario is basically the enrollment manager leaves or dies all those (maybe 1000 devices) he enrolled are now most likely not in compliance that's a lot of devices to have to re-enroll and also from my experience so many will appear twice in AD if they are just removed from intune. Did Microsoft not think of this or is there a particular reason, cos that I would understand. That article of recovering deleted user(enrollment manager) is a bit silly if the manager was removed for a reason it still means you either have to recover this non existent user burdening a licence and security risk for this account that has no-one to apply to it. Has microsoft not thought maybe an enrollment group then accounts in that group can be changed but the device is enrolled by the group not the user. - just a thought.

Jason Sandys 31,151 Reputation points Microsoft Employee

2024-04-10T20:54:33.2866667+00:00

The DEM designation/right is not intended to be assigned to an individual user but is instead best used as or assigned to a shared type account where this cannot happen for exactly the reasoning called out. Yes, this requires an additional user license.
Sign in to comment
Jason Sandys 31,151 Reputation points Microsoft Employee

2022-05-10T17:30:07.537+00:00

What's the scenario here where you want to do this?
Please sign in to rate this answer.
Musgrave, Ian 1 Reputation point

2022-07-21T14:45:42.6+00:00

I have a scenario for this. We recently deployed HAADJ with Intune enrollment. Shared devices were swept into this mix so we have multi user devices registered to single names. We have since setup a DEM account to handle this enrollment type, but now to fix this our only options are to either autopilot a whole fleet of devices OR hand unenroll reenroll logged in as the DEM profile. Would be so helpful to be able to manually change with a script or within the console against a group of devices. Hell, would even take singular manual change in the console at this point.

Jason Sandys 31,151 Reputation points Microsoft Employee

2022-09-09T16:26:36.917+00:00

While this use case is valid, how you got there is not -- the path followed was basically not what we designed for or intended. You should open a support case to see if support has a way to perform this change.
Sign in to comment
Anderson, Charles 1 Reputation point

2022-07-30T21:02:21.897+00:00

Another reason to change the enrolled user it would fix the issue with the limit on how many devices one can have enrolled unless they update the 50 which is the default to 100.
Please sign in to rate this answer.
Jason Sandys 31,151 Reputation points Microsoft Employee

2022-08-01T15:33:04.917+00:00

What issue? Why would/does a single user need to enroll that many endpoints and why isn't a DEM account suitable?
Sign in to comment