Microsoft Intune - Add Primary User to Device

Microsoft Intune - Add Primary User to Device assigns a specific Azure AD user as the primary user for a managed device in Microsoft Intune for:

  • Assets returned by the selected query or assets selected on the relevant asset page.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

📘

Note


Required Fields

These fields must be configured to run the Enforcement Action.

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values (optional) - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
  • Use stored credentials from the Microsoft Intune adapter - Select this option to use credentials from the adapter connection. By default, the first connection is selected.

    • When you select this option, the Select Adapter Connection drop-down becomes available. Select the adapter connection to use for this Enforcement Action.

    📘

    Note

    If you do not select the Use stored credentials from the Microsoft Intune adapter option, you must provide the connection parameters below.

  • Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.

  • User Azure Object ID - The Azure AD object ID of the user to be set as the primary user for the device. You can find this ID in the Azure portal under Azure Active Directory > Users.

Additional Fields

This Enforcement Action does not have additional optional fields.

💡

Connection and Credentials

When Use stored credentials from the adapter is toggled off, some of the connection fields below are required to create the connection, while other fields are optional.

  • Azure Client ID - The Application (client) ID of the registered Azure AD application used for authentication.
  • Azure Client Secret - The client secret value for the registered Azure AD application.
  • Azure Tenant ID - The Directory (tenant) ID of your Azure AD tenant.
  • Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  • HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  • HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

  • HTTPS Proxy User Name (optional) - The user name to use when connecting to the server using the HTTPS Proxy.

  • Gateway Name - Select the Gateway through which to connect to perform the action.

APIs

Axonius uses the Microsoft Graph API - POST /beta/deviceManagement/managedDevices/{id}/users/$ref

Required Ports

Axonius must be able to communicate via the following ports:

  • TCP port 443

Required Permissions

The stored credentials, or those provided in Connection and Credentials, must have the following permission(s) to perform this Enforcement Action:

The following Microsoft Graph API permission is required for this Enforcement Action:

  • DeviceManagementManagedDevices.ReadWrite.All - Allows the application to read and write the properties of devices managed by Microsoft Intune, including the ability to set the primary user for a device.

This permission requires administrator consent and can be configured in the Azure portal under Azure Active Directory > App registrations > [Your App] > API permissions.

To learn more about Enforcement Actions, see Enforcement Actions.

Version Matrix

This Enforcement Action was tested only with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.

VersionSupportedNotes
Microsoft Graph API v1.0 (beta endpoint)YesThe primary user assignment endpoint is available in the /beta path of Microsoft Graph API

Did this page help you?