microsoftgraph / msgraph-sdk-powershell

Powershell SDK for Microsoft Graph
https://www.powershellgallery.com/packages/Microsoft.Graph

Setting primary user / "owner" for Intune-device? #634

Closed CloudViking86 closed 2 years ago

CloudViking86 commented 3 years ago

PowerShell: v.5.1
Microsoft.Graph: v.1.5.0
Schema: BETA

What I am trying to do: When enrolling a computer using a "WCD"-package (ppkg / provisioning package) and the user is scoped to be auto-enrolled into Intune then the device is listed with a "Primary User" of "NONE" in Intune since the device is enrolled by a package / bulk-enrollment.

This in turn blocks the device from receiving apps / configurations etc. which are scoped to certain users, since the device lacks an owner / primary user.

What I've tried:

$managedDeviceid = "<intune-device-id>"
$userId = "<azure-ad-object-id-for-user>"
Update-MgDeviceManagementManagedDevice -ManagedDeviceId $managedDeviceid -UserId $userId

Error:

Update-MgDeviceManagementManagedDevice : {
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 
da208e1c-6c96-4937-9c7f-c776842b8e29 - Url: https://fef.msub05.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManage
ment/managedDevices%28%27<intune-device-id>%27%29?api-version=5021-03-03",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
At C:\Users\CloudViking86\git\ps_intune_msgraph-api.ps1:140 char:1
+ Update-MgDeviceManagementManagedDevice -ManagedDeviceId $managedDevic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ ManagedDevice...ManagedDevice }:<>f__AnonymousType168`2) [Update-MgDevice..._U 
   pdateExpanded], RestException`1
    + FullyQualifiedErrorId : InternalError,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgDeviceManagementManagedDevice_UpdateExpand 
   ed

So using the "beta"-schema I can see that "userId" is "Read-Only"; https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-update?view=graph-rest-beta whereas in the "v.1.0"-schema it is not; https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-update?view=graph-rest-1.0

If I look at this example here; https://github.com/microsoftgraph/powershell-intune-samples/blob/5a78ad3562e8ca16fdc79993ce9afb5b1830890f/ManagedDevices/Win10_PrimaryUser_Set.ps1#L346 the operation is "POST" as opposed to "PATCH", so according to the "legend" here; https://docs.microsoft.com/en-us/graph/powershell/navigating#command-verbs it should then be a command something like: "New-MgDeviceManagementManagedDevice" since "New" = "POST" where "Update" = "PATCH"?

But the actual Graph API reference indicates "PATCH"; https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-update?view=graph-rest-beta https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-update?view=graph-rest-1.0

So TL;DR: How do I set the "Primary User" for an Intune device using the MS.Graph-module?

Thanks! AB#9105

hstrang commented 2 years ago

I am also trying to find out how to set the primary user. While Get-MgDeviceManagementManagedDeviceUser returns the current primary user, the first guess would be to use the respective New or Update, but the documentation of those seems to point to managing the actual user object instead of linking the user to the device.

The example referred to in the original question shows a Graph API POST to deviceManagement/managedDevices('$IntuneDeviceId')/users/`$ref

Is there any solution or workaround for setting the primary user except of course doing the API call directly?

maisarissi commented 2 years ago

Hello everybody :)

Using Find-MgGraphCommand I was able to find New-MgDeviceManagementManagedDeviceUserByRef, which calls POST /deviceManagement/managedDevices/{managedDevice-id}/users/$ref

Can you validate whether you can set primary user?
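
One way to check the POST to users/$ref discussed in this thread, as an added example that is not code from any commenter or from the SDK. It issues the call with Invoke-MgGraphRequest and reads the assignment back. The function name Set-IntunePrimaryUser is hypothetical, and the request body shape (an "@odata.id" pointing at the user's URL) and the beta endpoint are assumptions:

```powershell
# Added example. Set-IntunePrimaryUser is a hypothetical helper name.
# Assumes Connect-MgGraph was already run with a scope that may write managed
# devices (for example DeviceManagementManagedDevices.ReadWrite.All).
function Set-IntunePrimaryUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Typing both ids as [guid] rejects anything that is not a GUID before
        # it is placed into the request URL.
        [Parameter(Mandatory)] [guid] $ManagedDeviceId,   # Intune device id
        [Parameter(Mandatory)] [guid] $UserId             # Azure AD object id of the user
    )

    $base      = 'https://graph.microsoft.com/beta'
    $deviceUri = "$base/deviceManagement/managedDevices('$ManagedDeviceId')"
    # '/users/$ref' is single-quoted so PowerShell does not expand $ref.
    $refUri    = $deviceUri + '/users/$ref'
    # Assumed body shape: a reference to the user object.
    $body      = @{ '@odata.id' = "$base/users/$UserId" } | ConvertTo-Json -Compress

    if (-not $PSCmdlet.ShouldProcess("$ManagedDeviceId", "Set primary user to $UserId")) {
        return
    }

    Invoke-MgGraphRequest -Method POST -Uri $refUri -Body $body `
        -ContentType 'application/json' | Out-Null

    # Read the users collection back and confirm the assignment took effect.
    $response = Invoke-MgGraphRequest -Method GET -Uri ($deviceUri + '/users')
    $assigned = @($response['value'] | ForEach-Object { $_['id'] })

    [pscustomobject]@{
        ManagedDeviceId = $ManagedDeviceId
        RequestedUserId = $UserId
        AssignedUserIds = $assigned
        Matches         = $assigned -contains "$UserId"
    }
}

# Usage with placeholder ids: preview with -WhatIf first, then run for real.
# Set-IntunePrimaryUser -ManagedDeviceId '<intune-device-id>' -UserId '<azure-ad-object-id-for-user>' -WhatIf
```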

ghost commented 2 years ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.