Retrieve Intune Device Primary User and all users ever logged on to that device

One of our customers wanted to know per device which the real Primary User was and the user logon date of every user that used that device. (They have some shared devices.) In this blog post, I will show you how to retrieve that information from Intune and export it.

What is a Primary User?

“The primary user property is used to map a licensed Intune user to their devices in:

  • The Company Portal app
  • End-user website
  • IT pro experiences, like troubleshooting pages in the Azure portal. These pages map user accounts to devices by using the primary user.”


What does the script do?

It uses Microsoft Graph to connect to your tenant. It retrieves all the Intune devices and reports the Primary User and all users that logged into it with their last logon date. The results are outputted in a CSV file, which must be specified when running the script.

Running the script

Below is the output when the script ran on the customer’s tenant. I changed all the device names, models, and user names for privacy. 🙂 You will be prompted for credentials if the account doesn’t have enough permissions to retrieve the required data… Then, you will be prompted to grant permissions.

c:\scripts\Get-IntunePrimaryUser.ps1 -OutputFileName c:\temp\PrimaryUser.csv

When started, it will display the devices it checks and if the CSV export was successful. (Below is just a part of the total output.)

Processing DESKTOP-6HA2X55...
Processing DESKTOP-O522XB3...
Processing LT-XXX-51235113...
Processing LT-XXX-51231233...
Processing LT-XXX-61415324...
Exported results to c:\temp\PrimaryUser.csv

In Excel, this will look like (Below is just a part of the total output, and I changed some names.)

You can see in the results that some devices have multiple accounts which were logged into them. It shows who and when for those. It displays the Primary User (Or None if the Primary User can’t be found; this is the case if that account was deleted, for example)

The script

Below are the script’s contents; save it to c:\scripts\Get-IntunePrimaryUser.ps1, for example.

    [parameter(Mandatory = $true)][string]$OutputFileName

#Connect MgGraph
try {
    Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All, User.Read.All' | Out-Null
catch {
    Write-Warning ("Error connecting Microsoft Graph, check Permissions/Accounts. Exiting...")

#Loop through the devices and the logged on users per device 
$total = Foreach ($device in (Get-MgBetaDeviceManagementManagedDevice | Where-Object OperatingSystem -eq Windows)) {
    Write-Host ("Processing {0}..." -f $device.DeviceName) -ForegroundColor Green
    foreach ($user in $device.UsersLoggedOn.UserId | Select-Object -Unique  ) {
            Device            = $device.DeviceName
            Model             = $device.Model
            "Users logged in" = (Get-MgUser -UserId $user).DisplayName
            LastLogon         = ($device.UsersLoggedOn | Where-Object Userid -eq $user | Sort-Object LastLogonDateTime | Select-Object -Last 1).LastLogOnDateTime
            PrimaryUser       = if ((Get-MgBetaDeviceManagementManagedDeviceUser -ManagedDeviceId $device.Id).DisplayName) {
                $((Get-MgBetaDeviceManagementManagedDeviceUser -ManagedDeviceId $device.Id).DisplayName)
            else {
Disconnect-MgGraph | Out-Null

try {
    $total | Sort-Object Device, 'Users logged in' | Export-Csv -Path $OutputFileName -NoTypeInformation -Encoding UTF8 -Delimiter ';' -ErrorAction Stop
    Write-Host ("Exported results to {0}" -f $OutputFileName) -ForegroundColor Green
catch {
    Write-Warning ("Error saving results to {0}, check path/permissions..." -f $OutputFileName)

Download the script(s) from GitHub here

One thought on “Retrieve Intune Device Primary User and all users ever logged on to that device

  1. Pingback: Intune Newsletter - 8th September 2023 - Andrew Taylor

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.