This article is contributed. See the original author and article here.

One of the best ways to protect your organization from security threats is to make sure that your staff uses the appropriate level of access to perform their job, ideally following the concept of least privilege. Like other services in Microsoft 365, Intune uses a role-based access control (RBAC) model that helps you manage who has access to your organization’s resources and what they can do with those resources. By assigning roles to your Intune admins, you can limit what they can see and change.

 

We have added Intune role management to the Microsoft 365 admin center, where you can also leverage features such as the ability to search for roles and view role permissions. This means you don’t need two separate tools to manage roles for Microsoft 365 and Intune. When you sign into the Microsoft 365 admin center, you’ll see that there are two pivots on the Roles page, one for Azure Active Directory (Azure AD) and one for Intune.

 

Intune pivot on the Roles page in the Microsoft 365 admin centerIntune pivot on the Roles page in the Microsoft 365 admin center

 

Search for the right role

As with the Azure AD pivot, the Intune pivot also includes Search,  which allows you to use keywords to find roles bases on the role name, description, or the permissions associated with the role. This allows you to find the right role with the least amount of privileges necessary for the role tasks.

 

Search for the right roleSearch for the right role

 

Assigning a Role

Assigning a role is quick and easy. The wizard in the Microsoft 365 admin center walks you through a series of steps to identify who is being given access and what they will be able to manage.

 

Assign an Intune role in the Microsoft 365 admin centerAssign an Intune role in the Microsoft 365 admin center

 

The wizard also supports assigning scope tags from Microsoft Endpoint Manager. Roles determine what access admins have to which resources, and scope tags determine which objects admins can see.

 

Use optional scope tags when assigning an Intune admin roleUse optional scope tags when assigning an Intune admin role

 

Our hope is that the wizard gives a clear path to getting the right Intune roles assigned to the right people. We’d love to get your feedback, so please try this new experience and use the in-product feedback button in the bottom right corner to let us know what you think.

 

We have a lot more in store for role management in the Microsoft 365 admin center, so stay tuned!

 

–The Microsoft 365 admin center team

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.