Role-Based Access Control (RBAC) in Intune

From Notes_Wiki

Overview

Role-Based Access Control (RBAC) allows administrators to delegate Intune management tasks securely. It ensures admins have only the permissions they need.

Prerequisites

  • Global Administrator or Intune Administrator rights.
  • Azure AD groups for assigning admin roles.

Steps

1. Sign in

2. Navigate to RBAC Settings

  • Go to: Tenant administration > Roles > All roles.

3. Review Built-in Roles

  • Examples of available roles:
    • Intune Administrator
    • Policy and Profile Manager
    • Application Manager
    • Endpoint Security Manager
  • Each role has predefined permissions.

4. Create Custom Role (Optional)

  • Click Create.
  • Enter:
    • Role name
    • Description
  • Select required permissions (read, update, delete).

5. Assign a Role

  • Select a role (built-in or custom).
  • Click Assignments > Add assignment.
  • Enter assignment name.
  • Choose:
    • Admin group (Azure AD group of admins)
    • Scope groups (target devices/users)
    • Scope tags (optional, for granular delegation).

6. Review and Create

  • Confirm configuration.
  • Click Create.

7. Verify Role Assignment

  • Go to: Tenant administration > Roles > Assignments.
  • Ensure the correct role and scope are assigned.
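
The check in step 7 can also be run against a written delegation plan. The following is an added example, not part of the original page: it compares a constructed sample of role assignments with the intended role, admin group, scope groups and scope tags, and reports any drift. The field names (`displayName`, `role`, `members`, `resourceScopes`, `scopeTags`) and all group and tag names are assumptions for illustration, not a documented export format.

```python
# Added example: audit role assignments against an intended delegation plan.
# Field names and every value below are constructed for illustration.

# Intended delegation: assignment name -> role, admin group(s), scope groups, scope tags.
PLAN = {
    "Helpdesk-EMEA": {"role": "Policy and Profile Manager",
                      "members": {"grp-helpdesk-emea"},
                      "resourceScopes": {"grp-devices-emea"},
                      "scopeTags": {"EMEA"}},
    "AppTeam": {"role": "Application Manager",
                "members": {"grp-app-admins"},
                "resourceScopes": {"grp-pilot-users"},
                "scopeTags": set()},
}

# Constructed sample of what Tenant administration > Roles > Assignments might show.
ASSIGNMENTS = [
    {"displayName": "Helpdesk-EMEA", "role": "Policy and Profile Manager",
     "members": ["grp-helpdesk-emea"],
     "resourceScopes": ["grp-devices-emea", "grp-devices-apac"], "scopeTags": []},
    {"displayName": "AppTeam", "role": "Endpoint Security Manager",
     "members": ["grp-app-admins"], "resourceScopes": ["grp-pilot-users"],
     "scopeTags": []},
    {"displayName": "Temp-Contractor", "role": "Application Manager",
     "members": ["grp-contractors"], "resourceScopes": ["grp-pilot-users"],
     "scopeTags": []},
]

def audit(assignments, plan):
    """Return (assignment, problem) tuples where the tenant differs from the plan."""
    findings = []
    for a in assignments:
        name, want = a["displayName"], plan.get(a["displayName"])
        if want is None:  # delegation nobody planned for
            findings.append((name, "not in delegation plan"))
            continue
        if a["role"] != want["role"]:
            findings.append((name, f"role {a['role']!r}, expected {want['role']!r}"))
        for field in ("members", "resourceScopes", "scopeTags"):
            actual = set(a.get(field, []))
            for extra in sorted(actual - want[field]):  # broader than intended
                findings.append((name, f"unexpected {field}: {extra}"))
            for missing in sorted(want[field] - actual):  # narrower or untagged
                findings.append((name, f"missing {field}: {missing}"))
    for name in sorted(plan.keys() - {a["displayName"] for a in assignments}):
        findings.append((name, "planned assignment not found"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(ASSIGNMENTS, PLAN):
        print(f"{name}: {problem}")
```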

Notes

  • RBAC enforces least-privilege access.
  • Use scope groups and scope tags for delegation.
  • Test custom roles before production rollout.

