In this guide, we explore a feature which allows a single Azure AD account permission to enrol up to 1,000 devices. A DEM account is useful for scenarios where devices are enroled and prepared before handing them out to the users of the devices.
Create a DEM account
Important – Device Enrolment Manager accounts include their own set of limitations. Reference to Microsoft documentation for an exhaustive list.
Note – A Device Enrolment Manager account must be assigned an Intune license before the account can be added.
Sign in to your Endpoint Manager portal by browsing to https://endpoint.microsoft.com
From the home dashboard, navigate to Devices > Enrol Devices > Device Enrolment Managers.
Select the ‘Add’ button.
Enter the UPN of the Azure AD account to be added as a Device Enrolment Manager, then select the ‘Add’ button.
**Example**
UPN: iOSEnrol@traininguemauthority.onmicrosoft.com
Intune will notify you as to a successful Device Enrolment Manager creation.
You will see the Device Enrolment Account present in the list, ready to enrol devices.
See in Action
To enrol using a DEM account, in this example an iPhone, we follow the standard manual enrolment process.
Once complete, Company Portal app confirms the device is enroled however using a DEM account carries limited capabilities.
Intune (Endpoint Manager) console also confirms the iPhone is enroled, observing iOS Enrol DEM account as the Primary User.
