Device Owner is missing in Entra ID (Azure AD)

If the "owner" is missing on a Windows device in Azure AD, it usually means the device does not have an assigned primary user. This can happen for several reasons:

Reasons for Missing Device Owner

  1. Hybrid Azure AD Join: In hybrid environments, devices joined to both on-premises Active Directory and Azure AD (Hybrid Azure AD Join) may not have an owner assigned by default. This is because device ownership is primarily managed through on-premises AD, and the device synchronization process does not automatically assign an Azure AD owner.
  2. Automatic Enrollment: Devices automatically enrolled in Azure AD via MDM (Mobile Device Management) policies or automatic enrollment settings may not have an explicit owner assigned during the enrollment process.
  3. Bulk Enrollment: When devices are enrolled in bulk (e.g., using Windows Autopilot), the process may not assign an individual owner to each device, especially if the enrollment was handled by IT administrators rather than end-users.
  4. Manual Device Registration: Devices registered manually using the dsregcmd command or other manual processes may not have an owner assigned during registration.
  5. Device Reassignment: If a device was reassigned or re-provisioned without properly updating the ownership information, it may result in a missing owner.

Implications of Missing Owner

  • Access and Permissions: The owner of a device in Azure AD typically has administrative permissions over that device. Without an owner, certain administrative tasks may be more challenging.
  • Conditional Access Policies: Some conditional access policies in Azure AD may rely on device ownership to grant or restrict access. Missing owner information could impact these policies.
  • BitLocker: the recovery key cannot be saved to the user's "My Devices" self-service portal
  • Licensing: if you are using bundled "per user" Intune licensing, it will not be assigned to the device

Assigning an Owner to a Device to fix this issue

To assign an owner to a device in Azure AD, you can use the AzureAD PowerShell module.

You will first need to find and record the object ID of the device you want to assign an owner to, and the object ID of the user.

Locate both in the Entra ID portal: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview

(Screenshot: device object ID)
(Screenshot: user object ID)

Install the module and sign in:

Install-Module AzureAD
Connect-AzureAD

You can check the current device owner by running:

Get-AzureADDeviceRegisteredOwner -ObjectId 2128e863-1b58-4ea9-aca2-42ae6f15b069

Next, run:

Add-AzureADDeviceRegisteredOwner -ObjectId Device -RefObjectId User

Replace Device with the device object ID and User with the user object ID, for example:

Add-AzureADDeviceRegisteredOwner -ObjectId 2128e863-1b58-4ea9-aca2-42ae6f15b069 -RefObjectId 7b00bc43-d9df-428e-8060-0690d85ef162

You will now see a new device owner assigned to that device.
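The procedure above, as an added PowerShell example that is not part of the original article: it resolves the two object IDs from a device name and a user principal name instead of copying them from the portal, assigns an owner only when the device has none, and also goes beyond the single-device case with a read-only report of every device in the tenant that has no registered owner. It assumes the AzureAD module is installed and Connect-AzureAD has already been run; the device name and UPN are placeholders.

```powershell
# Added example (not the article's own code). Assumes an existing
# Connect-AzureAD session. Device name and UPN below are placeholders.

function Set-DeviceOwnerIfMissing {
    param(
        [Parameter(Mandatory)] [string] $DeviceObjectId,
        [Parameter(Mandatory)] [string] $UserObjectId
    )
    # Only assign when there is no owner yet, so an existing owner is
    # never silently duplicated or replaced
    $owners = @(Get-AzureADDeviceRegisteredOwner -ObjectId $DeviceObjectId)
    if ($owners.Count -gt 0) {
        Write-Host "Device $DeviceObjectId already has owner(s): $($owners.UserPrincipalName -join ', ')"
        return $false
    }
    Add-AzureADDeviceRegisteredOwner -ObjectId $DeviceObjectId -RefObjectId $UserObjectId
    Write-Host "Assigned owner $UserObjectId to device $DeviceObjectId"
    return $true
}

function Get-DevicesWithoutOwner {
    # Read-only inventory of devices that have no registered owner
    Get-AzureADDevice -All $true | Where-Object {
        @(Get-AzureADDeviceRegisteredOwner -ObjectId $_.ObjectId).Count -eq 0
    } | Select-Object DisplayName, ObjectId, DeviceOSType
}

# Resolve IDs from names; -SearchString is a prefix match, so require exactly one hit
$device = @(Get-AzureADDevice -SearchString 'LAPTOP-EXAMPLE-01')   # placeholder device name
if ($device.Count -ne 1) { throw "Expected exactly one device, found $($device.Count)" }
$user = Get-AzureADUser -ObjectId 'jane.doe@contoso.example'        # placeholder UPN

Set-DeviceOwnerIfMissing -DeviceObjectId $device[0].ObjectId -UserObjectId $user.ObjectId

# Review the rest of the tenant before deciding which devices need an owner
Get-DevicesWithoutOwner | Format-Table -AutoSize
```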


Sandipan Chowdhury

MBA - IIM Kozhikode | Director, Global Cybersecurity Operation, Hillenbrand | Strategic Enterprise Security & IT Infrastructure Operations

1 month

Thanks for the post. How to execute this for bulk devices in AZ which has no user assigned?
