# Multi User Devices Multi-User Devices allow an administrator to provision devices intended to be used by more than one user. A tool for Multi-User Devices is **Device Enrollment Manager** (short DEM). DEM is an Intune permission that can be applied to an Azure Active Directory user account and lets the user enroll up to 1,000 devices. A DEM account is useful for scenarios where devices are enrolled and prepared before handing them out to the users of the devices. RealmJoin Client can be used to allow self-service software installations on Multi-User Devices. ## Licenses Devices enrolled by DEM accounts need to be licensed. Therefore, each DEM account needs an Intune user or device license assigned. Example: * Enterprise Mobility + Security (user license) or * A simple device license ![](/files/DYIKLLr6c0xEjJ4l2aoc) ## Preparations Before you can start with a device enrollment you have to do some preparations. ### Create DEM User Create a generic user account that is not assigned to a real person. Please make sure that this account never gets deleted. In that case, enrolled devices will not stay under management anymore. Assign a suitable Intune license as described before. ![](/files/hbhfCUHS7aXU022SxNpf) ### Create User Group for DEM Accounts A new user group is necessary that contains all DEM users. Ad one (e.g. **CFG - All multi-user device accounts DEM**) and assign the previously created user. ![](/files/wuCYgwaxiCbiOf76kF0U) ### Prepare Group In **Intune** the following actions are necessary for that group: * Assign compliance policies and device configurations (that should apply for these devices) * Assign Intune distributed apps (e. g. RealmJoin Installer) * Check if DEM group can enroll and register new devices in Intune/Entra ID (e. g. enrollment restrictions and Entra ID Join) The following steps must be done in **RealmJoin** * Add RealmJoin configuration policies to that group * Add Software packages (that should be installed when the device is set up by DEM account) * Let RealmJoin mark this group as **Primary Users** (obtain Entra ID Object ID) ## Device Setup A new and clean device will be set up with the DEM user account created before: ![](/files/iHl6cetk86oQNA4o335v) Depending on configuration second factor authentication will be enforced: ![](/files/jX2SCOc3OjFuYqxR7B0d) Device enrollment and provisioning will start: ![](/files/Y7RwSJx2Xj0qwuNKo4P5) Prompt for Windows Hello setup appears (depending on configuration): ![](/files/7db1vziraN7xhxYL9oYt) After that, RealmJoin will start and install the defined set of software for the DEM account: ![](/files/abUXVxMXGCFlYmxVikm1) When logging in via DEM account (primary user) the software should be installed: ![](/files/99gh2y5RqcJxlpL67QNf) ## Secondary User Experience Secondary users are now able to log in: ![](/files/GXhsRfIyHTK1oAabm8CY) Software assigned and installed by DEM account should be available Additional software can be installed by this secondary user: ![](/files/cUipMusMmW8SoOUiaoXn) ![](/files/fa2iUYerwvtKfq4E0X9i) ![](/files/8yiRbvzWzkomaLrAoo1w) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.realmjoin.com/realmjoin-deployment/infrastructure/multi-user-devices.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.