Intune: Corporate vs Personal Device Management

Enrolled devices have two “modes” in Intune: personal and corporate. What is the difference in managing these two device types?

Let’s consider some basic definitions first. Personal devices are considered user owned. If a user owns their own device, and wants to access corporate data, then that is a “personal” device and can be managed differently. Corporate devices are considered company owned. These are devices that are owned by the company, and are generally expected to have more access to internal data, but also more restrictions.

Different MDM solutions handle these device types differently. For Microsoft Intune, devices are considered personal by default. Here are some ways for a device to become identified as corporate:

  • The device serial number is stored in Intune prior to enrollment. When the device is enrolled, Intune will find the match and automatically categorize the device as a corporate device.
  • The device is enrolled by a DEP partner.
  • The device type is change manually by an Intune administrator.

Personal and corporate devices can be managed the same way, or completely differently. You can configure specific configuration profiles and apps to only be available to corporate devices, or personal devices. The Intune administrator is free to decide how these two device types are configured.

The only thing that Intune administrators can’t configure is how data is collected on the device. By policy, Intune will collect a little bit more information about corporate devices. Intune will collect the phone number and app inventory of company owned devices for reporting and monitoring purposes, but will not do so for personal devices. When an Intune administrator manually changes this for a device, they will see a warning informing them about this change.

7 comments

  1. I have two macOS devices enrolled in Intune standalone – one having personal and the other as corporate device ownership. In both instances I can see discovered apps and the same hardware details. My impression was that having it set to personal that it would assess less information that would be collected and pulled in intune. Am I misunderstanding.?

    1. @harwinder In the Intune Console you can simply click and change a device from personal to company. Otherwise it will be personal by default. You’ll have to script a mass change.

  2. Almost all details have the same visibility for both personal and corporate. This is the way Apple and Google have designed their operating systems. The main difference is on the Microsoft side: they don’t allow you to see the phone number and app installs of personal devices.

    You can still see some app installation detailed for person devices, but Microsoft heavily restricts the view.

    More info here: https://practical365.com/clients/mobile-devices/can-microsoft-intune-see-managed-mobile-devices/

  3. I want to deploy windows application to only hit corporate devices and not personal devices through endpoint manager. I deployed an app to a security group and the app installed on both devices.

    1. Create a dynamic group which only includes corporate devices then apply the app deployment to the new dynamic group.

Leave a Reply

Your email address will not be published. Required fields are marked *