Now in InTune… Role Based Access Control

Do you know how many cloud applications are being accessed by your employees?
Are your employees sharing valuable information via emails and attachments?
Is Your Help Desk Inundated with Password Reset Requests Over and Over?
Get Started With A FREE Trial Get Started With A FREE Trial Request a Consultation Request a Consultation Download FREE MOBILE DEVICE SECURITY REPORT

Role Based Access Control (RBAC) has been a favorite feature for the System Center Configuration Manager community since it was introduced, and now it’s available in Intune. RBAC in Intune allows you to easily define who can perform various Intune tasks within your organization, and who those tasks apply to. RBAC gives you greater flexibility and control while ensuring your IT administrators have the necessary permissions to perform their job.


Role Based Access Control Integration with Azure AD Directory Roles for high level access control

The new Intune admin experience on Azure delivers deeper levels of integration with Azure Active Directory, which includes Azure AD Groups as well as integration with Azure AD Directory Roles. This integration provides the underpinnings of Intune’s RBAC capabilities and our overall permissions management story. RBAC for Intune starts by leveraging four Azure AD Directory Roles that define high level administrative access to Intune workstreams and tasks:

  • Global Administrator / Company Administrator: users in this role have access to all administrative features in Azure AD, including conditional access. They can also manage all of Intune.
  • User Administrator: users in this role can manage users and groups but cannot manage all of Intune.
  • Intune Service Administrator: users in this role can manage all of Intune, including management of users and devices, as well group creation and management. This role does not allow for management of Azure AD’s Conditional Access settings.
  • Conditional Access Administrator: users in this role can manage Azure AD’s Conditional Access policies, but not all of Intune.

Role Based Access Control

Create custom roles with any permissions required for a specific function. As an example, if an IT department group manages applications, policies and configuration profiles, you can add all of those permissions together in one custom role.

For those into automation – you can automate any RBAC task such as creating custom roles, or adding/modifying role assignments using the Microsoft Graph API. We also have a set of PowerShell scripts that can help you get started.

Get started using RBAC in Intune today

For more details on Microsoft’s RBAC story and how to get started using it in your Intune admin experience on Azure, check out this blog post from Dave Randall, the Program Manager responsible for RBAC in Intune. Dave’s post includes step by step screenshots that walk you through the capabilities, and shows you how granular you can get with defining access for roles.

RBAC gives IT administrators a simple way to enable powerful control over who can perform various administrative tasks within their organization and they are available to use today in our new admin experience on Azure.

For more information visit 


(Visited 353 times, 1 visits today)