If an Intune device is not enrolled as a shared device or kiosk device, it always has a primary user. This creates a relation between the device and the user. This user is also used to license the device. This user only has the possibility to see this device in the company portal / company portal website and trigger certain self service actions. Also, while troubleshooting, an Intune admin can select this user in the Troubleshooting + support menu in Intune and directly see their devices.
The primary user is automatically added after the the enrollment of an intune managed device. It is possible to change the user to an other or remove this user to switch the device into a shared device.
Where can I find the Primary User
- Open the MEM Portal
- Click Devices -> All Devices
- Select a device
- Click Properties
Here you can find the primary user. You also have the possibility to change or remove the user.
How can I remove the primary user to switch the device to a shared device?
When a device has no primary user assigned it is a shared device. Shared devices has an identification label on the device in the company portal. One shared devices all users have the possibility to install apps. Self-service actions are not available by devices operate in the shared mode.
In this section we will look at how you can delete the primary user of all device / a list of devices automatically via powershell script.
In the Git hub repository from microsoft there is a script how to show, change and delete the primary contact for a single device. We have adapted this script a bit so that this is done for all devices.
I have uploaded the customized script to my Git repository. Before you run it, you should adjust the filter so that only the devices you want to change are changed.
I hope I could help you with the blog.
Stay healthy, Cheers
Jannik
Modern Device Management 
How could this be used to delete the primary user for devices within a specific group? im super new at managing intune with powershell. Thank you!
LikeLike
Hey Juan, this is only to remove the mapped user from an intone object. To delete the use from a Aad group you need an other graph call.
LikeLike
Script is giving multiple errors. Which modules are necessaire?
LikeLike
Can you try to install “Install-Module AzureAD”
LikeLike
How can I adjust the filter, or how can I get it to process more than 2000 computers?
LikeLike
You need here an loop for the paging or you can also use the powershell graph sdk with the parameter -all. If you need support here let me know then I will provide you the script to do this.
LikeLike
Hi. I am trying to run Get-Win10… but its not recognize the cmlets. Installed and imported ADAzure, ADAzurePreview and even Microsoft.Graph.Intune modules but still not joy. Any ideas?
LikeLike
Hi. I am trying to run the above script as well and i get an error “Delete-IntuneDevicePrimaryUser : The term ‘Delete-IntuneDevicePrimaryUser’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:8 char:5
+ Delete-IntuneDevicePrimaryUser -IntuneDeviceId $deviceEntry.id -E …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Delete-IntuneDevicePrimaryUser:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
LikeLike
Did you execute the complete script? If you want we can have a look on this together
LikeLike