Microsoft

Microsoft Intune Feedback

Suggestion box powered by UserVoice

How can we improve Microsoft Intune

Change registered owner for corporate owned devices

We shouldn't have to re-enroll a device every time a device changes owner. Please can you make it possible to change the device owner for corporate devices so we can properly audit without additional software? Kinda the purpose of an MDM.

886 votes
    Luke Page shared this idea  ·  Admin →

    Thanks for the comments, just a few questions to the gallery.

    What platform is this issue with? I’m only seeing iOS devices in your comments, so wanted to double check.

    Also, are you having this issue with shared devices or just re-deployment? Unclear from all the comments. Do you want to keep all installed apps on the devices? Depending on your platform, you should be able to already do this for shared devices.

    66 comments

      • William Arrington commented

        We have users in other locations. As we migrate a computer from one user to another, we would like to assign the new user to the computer. Only one user is assigned at a time. Windows 10 laptops only. So, the re-deployment is our issue. As far as apps, we are really basic, and that is not a big issue for us.

      • Anonymous commented

        Hi, I can confirm it is for all devices. In my scenario: when we have new users and need to set up their device for them, we register it in our name when joining to Azure. This then lists the device under our username in Azure, when really it belongs to someone else. As mentioned above, this makes auditing extremely difficult.

      • Anonymous commented

        When searching on Intune and AzureAD, we will find the device assigned to the user. We want to change that if we need, without deleting / retiring the device and assigning to another user by re-enrolling it. We should be able to "switch" the owner in some way, porting things across like the BitLocker recovery key for example.

      • Andrew Norris commented

        For me it’s Windows 10 devices, not the mobile version, just Windows 10 desktops and laptops. And yes we want to keep all the apps. It would also be nice if multiple users could open the company portal on the same device.

      • BW~Merlin commented

        We are using Windows 10 devices that are NOT set up in shared mode. I would imagine that we would simply be able to re-assign to another user (if assigned) or just give to another user and activate them in the console as the device's user while leaving all programmes installed.

      • Andrew commented

        Amy Spring - It affects Windows 10 devices. Here's a very common scenario for my organization:

        Employee A is about to start at our company, we grab a laptop, manually join it to Azure AD using the Employee A's credentials, enroll the device using Employee A's credentials, and ship it to the employee. 2 months later Employee A resigns and ships his laptop back to us at IT.

        Employee B is hired to replace Employee A. We aren't going to throw out a barely used laptop, so we reset Windows 10, manually join it to Azure AD using Employee B's credentials, manually enroll the device in Intune using Employee B's credentials.

        However, in Intune, it will still show Employee A. There's no way to change it. The only way to get it to update is to delete the device from the Intune portal, and then re-enroll the device.

        Also, I mentioned having to use the employee credentials multiple times to get at the issue some other people have commented on. It's not an issue when the employee is new and hasn't started yet, but it makes our process VERY ugly for existing employees who need a new laptop. I have to disable their MFA and reset their password to something we can share while I get the device joined and enrolled, which violates our own Privileged User security policies. We have to be compliant with least privilege principles for our clients, so IT don't have universal access to various Groups, and it's an issue for us that they theoretically gain access when logging in as a different employee. If we could set it up using our admin credentials and then change the user through the portal, it would make way more sense and keep us in line with fundamental compliance requirements. That would also involve licensing issues, as the admin would have to add an additional license for each laptop that's enrolled before being transferred.

      • Andrew commented

        From my experience using Intune on Azure, when the IT person joins the Windows PC to Azure AD his identity is used in Management name and Associated User. It would be useful if these fields are editable or Intune realizes the actual user assigned to the device after say a week of use.

      • Austin Sasko commented

        At least for Windows devices, it would be nice to be able to easily move a corporate-owned computer from a previous employee to a new employee without having to restore, re-enroll the device entirely. The goal would be to keep only apps that would apply to that profile / policy. If this is already possible, that would be great!

      • Ted commented

        For me, this is for PCs. If I have a PC deployed to a user, I should be able to assign software to any user logged into that device -- not just the one who 'registered' it. Also if PCs change assignment, etc.

      • DanM commented

        All installed apps should be kept, no changes to the device other than its registered owner. Applies to Windows 10 devices.

      • Anonymous commented

        I am interested in this feature for Windows 10 devices. Often we will register the device under an admin's Azure AD account during set up and need to reassign the device to the end user afterwards to keep it consistent in inventory. This can be considered a "shared device" situation, but I can see benefits for redeployment as well. If you can provide guidance on how to do this with shared devices that would be much appreciated.

      • Andrew Norris commented

        Causing issues on my rollout, it seems this has the most votes but no comments from MSFT. Could someone please advise if this will ever get traction to being implemented?

      • Anonymous commented

        Why isn't this implemented already??

        I have to unscrew a huge number of Kiosk mode iOS devices from the wall, which I then need to re-prepare in Apple Configurator 2 JUST to log back into Intune as the original account required a password reset for security reasons.

      • Anonymous commented

        Like everyone else has stated, being able to deploy machines to users and have them properly affiliated to the user, and that user account has a Standard account, not Local Admin, is absolutely essential for the intent of Intune to be met by countless organizations.

      • DanM commented

        Any comments from MSFT on this? Let's have a status update, please.

      • Derek Nathan commented

        I understand the security argument, however this should be up to the admin to allow device reassignment. It is a critical feature, makes managing installations very difficult. Why is it taking so long to get this feature back?

      • Joseph Owen commented

        I looked into using Graph API and PowerShell. I was able to reassign devices in Azure AD but could not change the registered user/owner in Intune. That was late 2017 tho, I haven't tried again. If you figure it out please dear god let us know. This is about the most frustrating and ridiculous issue to have, along with not being able to track company Android devices.

      • John commented

        Has anyone looked into using Microsoft Graph API and PowerShell together to do this? I just looked and it seems like it would not be much work at all to make a script to do it.

      • BW~Merlin commented

        This is an absolute must. How was this not even an included ability from day one? Microsoft you want us to move away from our old tools you need to make sure the new ones have ALL the features from day one not slowly give us back what we used to be able to do.

      • Anonymous commented

        Same thing here, extremely needed to change just the username without re-enrolling the device.
