Adding Microsoft Intune Device Enrollment Manager

ByPrajwal Desai Hours

In this short post we will look at steps for adding Microsoft Intune device enrollment manager. The question is what is device enrollment manager and why do you need it. The device enrollment manager is an account that can enroll devices in Intune. A device enrollment manager can enroll up to 1000 devices. Do not get confused with Intune admin account and a DEM account. However a device enrollment manager user cannot be an Intune admin. To designate the user as DEM the user account must be present in Intune console. In other words the users must be already created before you designate them as DEM.

The devices enrolled by device enrollment manager comes with certain limitations. I wouldn’t worry about the limitations much here. One important limitation that I see is the capability to unenroll the devices. The DEM user cannot unenroll DEM-enrolled devices on the device using the Company Portal. Only the Intune admin has this capability and not the DEM user. Let’s proceed further now and see how to add DEM.

Adding Microsoft Intune Device Enrollment Manager

Let’s look at the steps for adding Microsoft Intune device enrollment manager. In the Azure portal look for Device enrollment under Manage.

Adding Microsoft Intune Device Enrollment Manager

Click Device enrollment managers. On the right pane click on + Add.

Adding Microsoft Intune Device Enrollment Manager

Type the user principal name or the user account that will be a DEM. Click Add.

Adding Microsoft Intune Device Enrollment Manager

That’s it. You have added a new device enrollment manager. This account can now enroll the devices.

Adding Microsoft Intune Device Enrollment Manager

How to delete device enrollment manager – To delete a device enrollment manager, select the account and hit delete. The user won’t be deleted from Intune. However the user cannot enroll the devices any further.

After deleting DEM, what happens to devices enrolled by DEM – There should be no issues there. Deleting DEM will not affect enrolled devices. Enrolled devices continue to be fully managed.

Avatar photo

Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.

8 Comments

  1. I want to integrate ~600 users to DEM role. Is ther ea methode via powershell existing?

    BR,
    Rene

    Reply

  2. What if your DEM account is compremissed. That opens up a huge security risk to your environment

    Reply

  3. is there a way we override the device enrollment limit for DEM account which is enforced by Azure? I think the 1000 machine limit is overridden by Azure device limit.

    it looks like the azure device limit is not allowing DEM account to enroll 1000 devices

    Reply
    1. Avatar photo Joachim Luengas says:

      Yes you´re right. You should change Azure AD device limit registration to unlimited.

      Reply

  4. Hi Prajwal,
    nice article!!!
    What happens if a DEM reaches 1000 enrolled devices? Should I fire him?

    Reply

  5. Each DEM enrolled device consumes a single license.

    Reply
  6. Avatar photo groovemaster17 says:

    How does this affect licensing. The documentation clearly states that DEM can enroll up to 1000 devices. Is this all done with the same, single Intune license?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *