Device Enrollment Manager - Enrolling a Device in Microsoft Intune
The Device Enrollment Manager (DEM) is a kind of service account. These accounts have permissions that let authorized users enroll and manage multiple corporate-owned devices. A DEM account requires an Intune user or device license, and an associated Azure AD user.
DEM is an Intune role/permission that can be applied to an Azure AD user account; a DEM account can enroll up to 1000 devices. A DEM account is useful for scenarios where devices are enrolled and prepared before being handed out to their users. There’s a limit of 150 Device Enrollment Manager accounts in Microsoft Intune. DEM enrolls Windows 10/11 devices.
- Prerequisite to create DEM accounts
- Add a device enrollment manager
- Enrolling a device in Microsoft Intune
- To remove a device enrollment manager user
1. Prerequisite to create DEM accounts
The Global Administrator or Intune Administrator role is required. An Azure AD user with one of these roles can perform the following tasks:
- Assign DEM permission to an Azure AD user account
- See all DEM users
2. Add a device enrollment manager
- Sign in to the Microsoft Endpoint Manager admin center and choose Devices > Enroll devices > Device enrollment managers.
- Select Add.
- On Add User, enter a user principal name for the DEM user, and select Add. The DEM user is added to the list of DEM users.
- The user added as a DEM has an Intune license.
3. Enrolling a device in Microsoft Intune
Now switch to your Windows 10 machine to enroll the device.
- Right-click on Windows > Settings > Accounts
- Access Work or School Account and then click Connect.
- Click Join this device to Azure AD Directory, enter the DEM user credentials, and then click Next and Sign In.
- Click on Join and then click on Done.
- In the next window, the DEM user is connected to Azure AD.
- Now restart the machine and sign in with the same user.
- Sign in to the Microsoft Endpoint Manager admin center and choose Devices > All devices. You will see your device enrolled and managed by Intune.
- Once the device is enrolled, follow this link to deploy an MSI to an Intune-managed device: Deployment of MSI packages through Microsoft Intune
Only the Intune admin has the capability to perform a wipe or remove any enrolled device and that is through the Microsoft Endpoint Manager admin center only.
4. To remove a device enrollment manager user
- Sign in to the Microsoft Endpoint Manager admin center, and choose Devices > Enroll devices > Device enrollment managers.
- On Device enrollment managers, select the DEM user and select Delete.
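One way to audit DEM accounts against the limits stated above (1000 devices per DEM account, 150 DEM accounts) and to spot unused accounts that are candidates for removal, as an added example that is not part of the original article. It assumes a device list exported to CSV with the hypothetical columns `DeviceName` and `EnrolledBy`; the account names, sample rows and the 90% warning threshold are constructed.

```powershell
# Added example, not from the original article. Column names and all sample
# values are constructed; map them to the columns of your own device export.
$MaxDevicesPerDem = 1000   # per-account limit stated in the article
$MaxDemAccounts   = 150    # tenant-wide DEM account limit stated in the article
$WarnRatio        = 0.9    # assumed warning threshold (90% of the device limit)

# Constructed list of DEM user principal names.
$demAccounts = @('dem1@example.com', 'dem2@example.com', 'dem3@example.com')

# Constructed sample of an exported device list.
$devices = @'
DeviceName,EnrolledBy
KIOSK-001,dem1@example.com
KIOSK-002,DEM1@example.com
LAB-010,dem2@example.com
LAPTOP-5,alice@example.com
'@ | ConvertFrom-Csv

function Get-DemEnrollmentReport {
    param([string[]] $Accounts, [object[]] $DeviceList, [int] $Limit, [double] $Warn)
    foreach ($upn in $Accounts) {
        # -eq on strings is case-insensitive, so DEM1@... and dem1@... match.
        $count  = @($DeviceList | Where-Object { $_.EnrolledBy -eq $upn }).Count
        $status = 'OK'
        if ($count -eq 0)              { $status = 'Unused' }     # removal candidate
        if ($count -ge $Limit * $Warn) { $status = 'NearLimit' }
        if ($count -ge $Limit)         { $status = 'AtLimit' }
        [pscustomobject]@{
            DemAccount  = $upn
            DeviceCount = $count
            Remaining   = $Limit - $count
            Status      = $status
        }
    }
}

if ($demAccounts.Count -ge $MaxDemAccounts) {
    Write-Warning "DEM account limit of $MaxDemAccounts reached."
}
$report = Get-DemEnrollmentReport -Accounts $demAccounts -DeviceList $devices -Limit $MaxDevicesPerDem -Warn $WarnRatio
$report | Format-Table -AutoSize
```

Devices enrolled by non-DEM users (LAPTOP-5 in the sample) are ignored by the report, since only the listed DEM accounts are counted.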