Azure – Replace Package Owner with Domain User Owner

* experimental

This is a script I wrote to change a device's owner from the package owner, which only lets you manage the device policy in Intune, to an AD/AAD user, which lets you manage policies for both user and device. Perform the bulk enrollment, then run this script with your Data.txt file. All devices showing Package as the owner will be updated with the specified user.

Code

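Clear-Host

# Requires the AzureAD module and an existing Connect-AzureAD session.
# Stop on errors so a failed lookup is never followed by an owner change.
$ErrorActionPreference = 'Stop'

# Each line of Data.txt is: DeviceName, UserName
foreach ($line in Get-Content -Path 'C:\INTUNE\Data.txt') {
    $item = $line -split ','
    if ($item.Count -lt 2) { continue }   # skip blank or malformed lines

    # Trim the space that follows the comma in Data.txt
    $DeviceName = $item[0].Trim()
    $UserName = $item[1].Trim()

    try {
        # -SearchString can return several objects; only act on a single match
        $devices = @(Get-AzureADDevice -SearchString $DeviceName)
        $users = @(Get-AzureADUser -SearchString $UserName)
        if ($devices.Count -ne 1 -or $users.Count -ne 1) {
            Write-Warning "Skipping '$line': $($devices.Count) device(s), $($users.Count) user(s) matched"
            continue
        }
        $x = $devices[0].ObjectId
        $y = $users[0].ObjectId

        Write-Host "Username: $UserName ::: $y"
        Write-Host "Device: $DeviceName ::: $x"
        Add-AzureADDeviceRegisteredOwner -ObjectId $x -RefObjectId $y
        Get-AzureADDeviceRegisteredOwner -ObjectId $x
        Add-AzureADDeviceRegisteredUser -ObjectId $x -RefObjectId $y
        #Remove-AzureADDeviceRegisteredOwner -ObjectId $x -OwnerId $y
        Write-Host ""
    }
    catch {
        # Report the failing line and carry on with the next one
        Write-Warning "Failed on '$line': $($_.Exception.Message)"
    }
}
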


Data.txt file

PCName1, JohnDoe
PCName2, JaneDoe

Notes

Get-AzureADDevice
Get-AzureADUser
Add-AzureADDeviceRegisteredOwner
Get-AzureADDeviceRegisteredOwner
Add-AzureADDeviceRegisteredUser

Reg key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo
- Check the UserEmail registry value.
- This value can be changed, and the change is reflected in the user shown under Access work or school.
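
An added example, not part of the original post: a read-only PowerShell check that lists the UserEmail value recorded under the JoinInfo key, so you can see what a device reports after the owner change. It assumes the value may sit on JoinInfo itself or on one of its immediate subkeys; the function name Get-CloudJoinUser, the -ExpectedUser parameter and the sample address are made up for this example.

```powershell
# Added example (not from the original post). Read-only: nothing is written.
function Get-CloudJoinUser {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: the address you expect the device to report.
        [string]$ExpectedUser
    )

    $root = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo'
    if (-not (Test-Path -Path $root)) {
        Write-Warning "No JoinInfo key on $env:COMPUTERNAME"
        return
    }

    # Assumption: UserEmail may sit on JoinInfo itself or on a subkey, so check both.
    $keys = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root)
    foreach ($key in $keys) {
        $email = $key.GetValue('UserEmail')
        if ($null -eq $email) { continue }   # this key has no UserEmail value

        [pscustomobject]@{
            ComputerName    = $env:COMPUTERNAME
            RegistryKey     = $key.Name
            UserEmail       = $email
            # Case-insensitive comparison; $null when no expectation was given
            MatchesExpected = if ($ExpectedUser) { $email -ieq $ExpectedUser } else { $null }
        }
    }
}

# Example call with a constructed address
Get-CloudJoinUser -ExpectedUser 'JohnDoe@example.com' | Format-List
```

Compare the result with the output of Get-AzureADDeviceRegisteredOwner for the same device; since this registry value can be changed, a mismatch between the two is worth a look.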