Enroll to Intune using DEM
First of all, this is not one from enrollment methods directly but I wanted to discuss about Device enrollment manager(DEM) as it can be helpful in some scenerios. So, today we will learn about DEM, where we can make use of it, how to assign this role and what are the limitations.
What is DEM account ?
Device enrollment manager (DEM) is a kind of service account. These accounts have permissions that let authorized users enroll and manage multiple corporate-owned devices.
DEM is an Intune role/permission that can be applied to an Azure AD user account and they can enroll up to 1000 devices. A DEM account is useful for scenarios where devices are enrolled & prepared before handing them out to the users of the devices. By design, there’s a limit of 150 Device Enrollment Manager accounts in Microsoft Intune.
Pre-requisite to create DEM accounts
Global Administrator or Intune Administrator. An Azure AD user with above mentioned role can perform following tasks-
- Assign DEM permission to an Azure AD user account
- See all DEM users
Enrollment methods supported by DEM accounts
- Windows Autopilot
- Windows devices bulk enrollment
- DEM initiated via Company Portal
How to add a DEM
Step 1: Sign in to the Microsoft Endpoint Manager.
Step 2: Select Devices > Enroll devices > Device enrollment managers.
Step 3: Select Add. On the Add User blade, enter a user ID and select Add as shown below:
The devices enrolled by DEM are having some limitations. One important limitation is the capability to unenroll(wipe) the devices. The DEM user cannot unenroll DEM-enrolled devices on the device using the Company Portal. Only the Intune admin has capability to perform wipe and that is through MEM admin center only.
For detailed information, refer this Microsoft article
To check if DEM is helpful in your scenerio, please check this out