Personal (1 to 1) devices are pretty common knowledge. Devices without any user affinity however, now that is a totally different story. This variant isn’t that common in the environments I have build. And when I came across this scenario, I was surprised on how little information was available. So I decided to write my own experience down in an article.
The scenario we are talking about is: We have a device without any user affinity that should be managed by Intune to be able to set certain policies and keep track of updates, health, etc. Questions that popped up were in the likes of:
- What types of enrollments need a device license / When do I need a Device license?
- How is this scenario covered by licences (user vs device licensing)?
- How do we assign a device license?
- How to keep track of licenses vs devices?
- What are the (in)posibilities of this scenario?
Enrollment types
Microsoft documented the enrollment types that could need device licenses, those are:
- Windows Autopilot Self-Deploying mode
- Apple Device Enrollment Program without user affinity
- Apple School Manager without user affinity
- Apple Configurator without user affinity
- Android Enterprise dedicated
- Using a device enrollment manager account
Windows Autopilot Self-Deploying mode can also be used for the enrollment of Shared devices. Most of the times, those devices have users with user based licenses logging into them. In that case you don’t need a device based license.
Limitations
With device licencing come limitations. If we break those limitations down to the core, any action that normally would get triggered by a user, will not be available for a device without user affinity.
The following Intune functions are not supported for devices that use a device license:
- Intune App Protection policies
- Conditional Access
- User-based management features
License assignment
One of the most asked questions on the device based licencing of Intune is: “How do I assign these licenses?”. The very simple answer is: You don’t assign the licenses.
To give a bit more context to this, the Device based subscription licenses for Intune are “Administrative”. That means that you purchase the licenses based on estimated usage and the goal of the licenses is to meet the licensing requirements.
Well… if you don’t assign these licenses… then, how do you keep track of them and how do you know if you are still meeting licensing requirements after a period of time. Well the answer to that is, you should configure reporting on the specific device types and count the devices that are covered by device based licenses. The count of those devices vs the number of licenses that have been purchased tells you if you are still meeting all requirements.
What’s next?
Let me know if you would like to read more about the next steps.
- How to configure devices without user affinity.
