Intune Modern Workplace

What is the difference between a user and a device?

As I’m browsing through the Microsoft Q&A forum for Intune related question, there is one thing that I see which seems to be a quite common misconception. That misconception is the difference between what a user is and what a device is.

It’s not that people don’t know the physical difference between what a user (a person) and a device (an object) is, it’s in the sense of how they differ in Intune management and the cloud world.

Let’s try to sort this out, shall we?

  • User noun – “A person who uses or operates something.”
  • Device noun – “A thing made or adapted for a particular purpose, especially a piece of mechanical or electronic equipment”

Disclaimer: I’m trying to wright this extremely simple and basically assuming that the term user and device is not known.

Who is the user?

The user is the person who in your organization is consuming the services and using devices. Users are usually a 1:1 scenario, but you might also have service users and group users. Behind a user there is in most cases ONE person (the Microsoft license structure kind of assumes this as well).

In an Intune context, the user is the person who uses the device. The user is in a the most common context tied to a specific device where the user is the primary user and owner of the device.

A user might have multiple devices such as a computer, a phone, and a tablet.

An Azure AD user

What is the device?

The device is the piece hardware which the services are consumed on. This can be a computer, tablet, or phone. The device must, in an Intune context, run any of the supported operating systems:

  • iOS
  • iPadOS
  • macOS
  • Windows 10
  • Android

The device usually has one main user and owner, which is the one tied to the device in Intune and Azure AD.

An Intune enrolled device

What is the difference and why does it matter?

But why does this all matter?

The reason this is important is in how you in Intune would distribute configurations, compliance policies, applications and so on.

When you distribute any of these in Intune, you get to select whether you want to assign this to users or devices. Without knowing the difference, knowing which option to select is hard.

However, the item itself is never applied to the user. It is ALWAYS applied to the device. The assignment only decides on what devices to apply the item in question.

If you assign to a device

If you assign your e.g. configuration with a device centric approach, this means that the configuration will only follow that device. If the user uses another device, the configuration will not be present on the second device.

If you assign to a user

If you assign your e.g. configuration with a user centric approach, this means that the configuration will follow the user. If the user uses another device, the configuration will apply also to that device (given it’s applicable for the device type).

The key take away

It pretty much defines how your configurations, policies and applications are distributed and utilized.

The conclusion of this is that, depending on what scenario you want to fulfill, you might have to assign things in different ways. There are also a few things that might make more sense in distributing in one way or another.

One thing that is important to keep in mind around applications is however the fun topic of licensing. Depending on how you have licensed an application, you might have to distribute in a certain way. So that is something that is important to think about when purchasing applications.