Rename a device via Windows 10 MDM

This blog post uses the Accounts configuration service provider (CSP), to create a local user account on Windows 10 devices. This area was added in Windows 10, version 1803.

This weeks blog post is a follow up on last weeks post about creating a local user account via Windows 10 MDM. This week is also about the Accounts CSP, but this this time I’ll use the Accounts CSP for renaming a Windows 10 device. This can be useful with maintaining a specific naming convention. I’ll show the available nodes, I’ll show how to configure them and I’ll end this post by showing the end-user experience. Also, I’m pretty sure this will be possible via Windows AutoPilot at some point in time, but, even then, this can be useful for existing devices.


Like last week, let’s start by having a look at the tree of the Accounts CSP. That enables everybody to use this post without switching between this post and my previous post.

Available nodes

The Accounts CSP contains nodes for renaming a computer account and for the creation of a user account. To get a better understanding of the different nodes, it’s good to walk through the available nodes. Specifically those related to the device name, as those are the subject of this post. Let’s go through those related nodes.

  • .Device/Vendor/MSFT/Account – Defines the root node for the Accounts CSP;
  • Domain – Defines the interior node for the domain account information;
  • ComputerName – Defines the name of the device.

Configurable nodes

There is basically only one configurable node related to the naming of the device. The ComputerName node. The ComputerName node can be any string within the standard requirements for a device name. Besides that, it also allows a couple of macros. The table below provides an overview of them.

Macro Description
%RAND: <# of digits>%

This macro can be used to generate a random number with the specified number of digits, as part of the device name.

Example: CLDCLN%RAND:6%


This macro can be used to set the serial number of the device, as part of the device name.


Note: The random number macro can create pretty bizarre behavior when targeted at devices (or users). It will keep on renaming the device. In that case make sure to use a Dynamic Device group filtered on disaplayName (for example filtered on Starts With DESKTOP). That will prevent constant renaming of the devices, as the devices will eventually loose the membership of the group.


Now let’s continue by having a look at the configuration to rename a device. In other words, create a device configuration profile with the previously mentioned custom OMA-URI setting. The following three steps walk through the creation of that device configuration profile. After that simply assign the created profile to a device group.

1 Open the Azure portal and navigate to Intune > Device configuration > Profiles;
2 On the Devices configuration – Profiles blade, click Create profile to open the Create profile blade;

On the Create profile blade, provide the following information and click Create;

  • Name: Provide a valid name;
  • Description: (Optional) Provide a description;
  • Platform: Select Windows 10 and later;
  • Profile type: Select Custom;
  • Settings: See step 3b.

MSI-CN-SerialOn the Custom OMA-URI Settings blade, provide the following information and click Add to open the Add row blade. On the Add row blade, provide the following information and click OK (and click OK in the Custom OMA-URI blade);

  • Name: Provide a valid name;
  • Description: (Optional) Provide a description;
  • OMA-URI: ./Device/Vendor/MSFT/Accounts/Domain/ComputerName;
  • Data type: Select String;
  • Value: CLDCLN%SERIAL% (or use the other example of CLDCLN%RAND:6%).

Note: At some point in time this configuration will probably become available in the Azure portal without the requirement of creating a custom OMA-URI.

End-user experience

Let’s end this post by having a quick look at the end-user experience. There is not that much to be shown, besides the actual device name. However, it’s good to see that it automatically generates a name within the restrictions of a device name. Below on the right is a screenshot of the serial number of the device and below on the left is a screenshot of the generated device name. It contains the specified prefix with the added serial number. When the serial number is too long, it will use the maximum number of characters that are allowed for a device name. It uses the characters starting from the back.

CN-Serial-Properties CN-Serial-CMD

Note: The reporting in the Azure portal still provides me with a remediation failed error message, while the actual rename of the device was a success.

More information

For more information about the Accounts CSP, refer to this article named Accounts CSP.

34 thoughts on “Rename a device via Windows 10 MDM”

  1. Have tested this without much luck so far. The PC’s are renamed in Intune and AzureAD and show the new name in the company portal, but not locally – cmd->hostname shows the original name.

    Intune shows Remediation Failed also for the configuration item.

  2. Thanks for sharing this Peter, very helpful. I have two questions:

    I suppose there is the risk that the random number macro may create a duplicate computer name, right?

    We use multiple naming conventions based on location of the device. I tried assigning different custom profiles to different user groups, but reading your article I may risk continues computer name changes this way. Would there be another way of assigning the profile to a dynamic group and identify specific computers in a group? Unfortunately we can’t use the OU attribute as we’re have a cloud-only environment.

  3. Note: You need to leave the trailing ‘;’ off the OMA-URI path above for this to work.

    OMA-URI: ./Device/Vendor/MSFT/Accounts/Domain/ComputerName

  4. Thanks Peter, indeed I’m using the serial number now (like you suggested in your reply). Although it is easier to remember 001 or 024 as number (rather than longer serials) thus distinguish computer names. But hey.. this one works :-).

    Shame though that Intune is still giving a deployment error despite a correct name change.

  5. Thanks Peter, i used the dynamic device group, this filters fine, but the policy is not applied to the devices. They are all failing. Has anyone tried applying this policy (%Rand:6%) to a dynamic device group with success ?

  6. Hi Peter,
    I’m using the serial number variable and always receive a remediation failure. Because we have targeted all those settings to users we cannot exclude devices. Ha you made similar experiences?

  7. Hi Peter,

    We use this configuration to rename the corporate devices (Autopilot). It works but after the configuration (renaming device) has been applied and the device name has changed, a dublicate compliance policy of each compliance policy is visible (one for the system account and one for the user).

    Are you having the same experience?


  8. Hi Peter,

    Thanks for the post. Works great however I do get the error you mentioned. Did you have any update on the Remediation Failed for the configuration item in Intune?

    Thanks again.

      • It “fails” because it doesn’t restart after. So when it checks for the name, the name is still technically the old name. Reboots would need to be done after it gets to the machine. Won’t do it on its own. That said, this is helpful still since the current renaming method has a limit of 100 at a time. We are using this to change the device name of specific models so thank you for this gem.

  9. when doing this as part of autopilot it works but gives an error saying the parameter is incorrect when trying to reboot and auto-login

  10. Every time i try that, the security trust between the computer and the on prem AD gets lost.
    So not working for me here.
    I use the intune task rename computer, in computer management i can see the computer gets renamed on the next reboot.
    The new name appears in AAD, but never in the ON PREM AD..

  11. Kenneth, I am seeing the same thing. I can rename a device through intune, however, once I do that, it does not get renamed in the on prem AD, so the device can no longer talk to the domain.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.