Role-Based Access Control (RBAC) in Intune
Overview
Role-Based Access Control (RBAC) allows administrators to delegate Intune management tasks securely. It ensures admins have only the permissions they need.
Prerequisites
- Global Administrator or Intune Administrator rights.
- Azure AD groups for assigning admin roles.
Steps
1. Sign in
- Open Microsoft Intune Admin Center.
- Log in with Global or Intune Administrator credentials.
2. Open Roles
- Go to: Tenant administration > Roles > All roles.
3. Review Built-in Roles
- Examples of available roles:
  - Intune Administrator
  - Policy and Profile Manager
  - Application Manager
  - Endpoint Security Manager
- Each role has predefined permissions.
4. Create Custom Role (Optional)
- Click Create.
- Enter:
  - Role name
  - Description
- Select required permissions (read, update, delete).
5. Assign a Role
- Select a role (built-in or custom).
- Click Assignments > Add assignment.
- Enter assignment name.
- Choose:
  - Admin group (Azure AD group of admins)
  - Scope groups (target devices/users)
  - Scope tags (optional, for granular delegation).
6. Review and Create
- Confirm configuration.
- Click Create.
7. Verify Role Assignment
- Go to: Tenant administration > Roles > Assignments.
- Ensure the correct role and scope are assigned.
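The check in step 7, as an added example that is not part of the original wiki page: a Python sketch that compares role assignments against an approved delegation plan and reports drift. The record layout, group names and plan are constructed for this example and are not an Intune export format.

```python
# Approved delegation plan (constructed): assignment name -> expected settings.
PLAN = {
    "Berlin app admins": {"role": "Application Manager",
                          "admin_group": "grp-admins-berlin-apps",
                          "scope_groups": {"grp-devices-berlin"}, "scope_tags": {"Berlin"}},
    "Endpoint security team": {"role": "Endpoint Security Manager",
                               "admin_group": "grp-admins-secops",
                               "scope_groups": {"grp-devices-managed"}, "scope_tags": set()},
}

# Assignments as recorded from Tenant administration > Roles (constructed sample).
ACTUAL = [
    {"name": "Berlin app admins", "role": "Application Manager",
     "admin_group": "grp-admins-berlin-apps",
     "scope_groups": ["grp-devices-berlin", "grp-devices-paris"], "scope_tags": []},
    {"name": "Endpoint security team", "role": "Endpoint Security Manager",
     "admin_group": "grp-admins-secops",
     "scope_groups": ["grp-devices-managed"], "scope_tags": []},
    {"name": "Temp access", "role": "Intune Administrator",
     "admin_group": "grp-contractors",
     "scope_groups": ["grp-devices-managed"], "scope_tags": []},
]

def audit(plan, actual):
    """Return (assignment name, finding) pairs where the tenant differs from the plan."""
    findings, seen = [], set()
    for a in actual:
        name, want = a["name"], plan.get(a["name"])
        seen.add(name)
        if want is None:  # assignment nobody approved
            findings.append((name, "not in approved plan"))
            continue
        if a["role"] != want["role"]:
            findings.append((name, f"role is {a['role']}, expected {want['role']}"))
        if a["admin_group"] != want["admin_group"]:
            findings.append((name, f"admin group is {a['admin_group']}"))
        extra = set(a["scope_groups"]) - want["scope_groups"]
        if extra:  # admins can reach devices/users outside the approved scope
            findings.append((name, "scope wider than approved: " + ", ".join(sorted(extra))))
        if set(a["scope_tags"]) != want["scope_tags"]:
            findings.append((name, "scope tags differ from plan"))
    findings += [(n, "approved but not assigned") for n in sorted(set(plan) - seen)]
    return findings

if __name__ == "__main__":
    for name, finding in audit(PLAN, ACTUAL):
        print(f"{name}: {finding}")
```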
Notes
- RBAC enforces least-privilege access.
- Use scope groups and tags for delegation.
- Test custom roles before production rollout.