If an Intune device is not enrolled as a shared device or kiosk device, it always has a primary user. This creates a relationship between the device and the user. This user is also used to license the device. This user only has the possibility to see this device in the Company Portal / Company Portal website and trigger certain self-service actions. Also, while troubleshooting, an Intune admin can select this user in the Troubleshooting + support menu in Intune and directly see their devices.
The primary user is added automatically after the enrollment of an Intune-managed device. It is possible to change the user to another one, or to remove this user to switch the device into a shared device.
Where can I find the Primary User?
- Open the Intune Portal
- Click Devices -> All Devices
- Select a Device
- Click Properties
In this overview you can find the primary user. You also have the possibility to change or remove the user.

How can I remove the primary user to switch the device to a shared device?
When a device has no primary user assignment, it is categorized as a shared device. These shared devices are identifiable through a unique identification label displayed in the company portal. In this shared mode, all users have the capability to install apps on the device. However, self-service actions are not accessible when devices are operating in shared mode.
In this section we will look at how you can delete the primary user of all devices, or of a list of devices, automatically via a PowerShell script.
In the GitHub repository from Microsoft there is a script which shows how to change and delete the primary user for a single device. We have rewritten this script to loop through multiple devices and moved it to the Graph SDK to make it easier to change.
I have uploaded the customized script to my Git repository. Before you run it, you should adjust the filter so that only the devices you want to change are touched.
Here is an example of how to add a filter to only update Windows devices with a specific version:
$filter = "*10.0.19045*"
if (-not ($filter -eq '*')) {
    $allDevices = $allDevices | Where-Object { $_.osVersion -like $filter }
}
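
The bulk removal described above, as an added example using `Invoke-MgGraphRequest` from the Graph SDK; it is not the script from the author's repository or Microsoft's sample. The function name `Remove-IntunePrimaryUser`, its parameters and the use of the beta `users/$ref` endpoint are assumptions. It follows result paging, supports `-WhatIf` for a dry run, and continues past per-device failures.

```powershell
#Requires -Modules Microsoft.Graph.Authentication

function Remove-IntunePrimaryUser {
    # Hypothetical helper: removes the primary user from every matching device.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $OsVersionFilter,   # e.g. "*10.0.19045*"
        [string] $OperatingSystem = 'Windows'
    )

    # Follow @odata.nextLink so devices beyond the first result page are included.
    $uri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices" +
           "?`$select=id,deviceName,operatingSystem,osVersion"
    $allDevices = while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
        $page.value
        $uri = $page.'@odata.nextLink'
    }

    # Narrow the change to the intended devices before touching anything.
    $targets = $allDevices | Where-Object {
        $_.operatingSystem -eq $OperatingSystem -and $_.osVersion -like $OsVersionFilter
    }

    foreach ($device in $targets) {
        if (-not $PSCmdlet.ShouldProcess($device.deviceName, 'Remove primary user')) { continue }
        try {
            # DELETE on the users/$ref relationship clears the primary user (assumed beta endpoint).
            $ref = "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$($device.id)')/users/`$ref"
            Invoke-MgGraphRequest -Method DELETE -Uri $ref -ErrorAction Stop
            [pscustomobject]@{ Device = $device.deviceName; Result = 'Removed' }
        }
        catch {
            # Record the failure and continue with the next device instead of aborting the run.
            [pscustomobject]@{ Device = $device.deviceName; Result = "Failed: $($_.Exception.Message)" }
        }
    }
}

# Request only the scope needed to modify managed devices, then do a dry run first.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.ReadWrite.All'
Remove-IntunePrimaryUser -OsVersionFilter '*10.0.19045*' -WhatIf
```

Run it once with `-WhatIf` and review the listed device names, then rerun without it and keep the returned objects as a record of which devices were changed.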

I hope I could help you with the blog.
Stay healthy, Cheers
Jannik
Hello! I was able to bypass 2 of the errors. One error was if a user did not have an Intune license (test account) and the other error I was able to bypass by commenting out a Break.
My issue now is, the script completed after going through all devices that start with a “C”. Is there a limit or a timeout period?
Should we have a Teams call to have a look together?