Thursday, 9 April 2015

Device Enrollment Managers in Microsoft Intune

EMS Landing page

The Device Enrollment Manager is a really useful concept in Microsoft Intune. You can see full details in the TechNet Library

Enroll corporate-owned devices with the Device Enrollment Manager in Microsoft Intune 

So, what is it all about? 

Essentially the Device Enrollment Manager is a special Intune account that has permission to enroll more than five devices.

When would I use this feature?

You could have a situation whereby a manager has to enroll many mobile devices for his/her team to provide access to certain applications. If there is no requirement for the users to actually log on to the Intune Company Portal then this is the perfect situation for using Device Enrollment Manager.

What can the Device Enrollment Manager do?
  • Enroll devices in Intune (more than the standard 5)
  • Log on to company portal to get company apps
  • Install and uninstall software
  • Configure access to company data

Are there any other considerations?
  • The Device Enrollment Manager user cannot be an Intune administrator
  • Only users that already exist in the Intune console can be Device Enrollment Managers.
  • Device Enrollment Managers cannot reset the device from the company portal.

How do I configure this?

In the Intune console navigate to Administration > Administrator Management > Device Enrollment Managers 

Select to Add

Enter the User ID (note that this user must already exist in the console).

The Device Enrollment Manager has been created and can now mass enroll devices (as normal - there is no special procedure).


  1. Hello Gerry, I am having a hard time getting specific information in regards to the use of device enrollment manager type enrollment for iOS. You say you can use this type of account for enrollment for a device where the user does not need access to the company portal. Can you still deploy apps to the device without user access to the portal? Can you push an email profile for the actual end user to use and log into? What would happen if the end user does try to log into the company portal, will they get an error?


    1. Yes, the device enrollment manager will have to log in to install the apps. If you require "end user" configuration (eg email profile) then this is not the feature for you.

  2. Hey Gerry, Can you still use the device enrollment manager if you're using Intune with Config Mgr?

    1. No, it looks like just a standalone Intune feature at the moment Paul.