Wednesday, 3 June 2015

Role Based Access to Microsoft Intune

EMS Landing page

An exciting new feature was added to Microsoft Intune this month (Intune version 5.0.5161.0). An additional "helpdesk role" was added to filter the view of the Intune admin console and only provide access for helpdesk staff to perform remote tasks.

Have a look at the Intune Team blog to read about this and the other new features announced.

In this blog I will have a look at the administrative roles that are now available in Microsoft Intune.

Launch the Intune console and navigate to Admin > Administrator Management > Service Administrators. Select to Add a new Administrator. A new role is now available - Helpdesk - Groups Role.

Add a new Helpdesk Administrator (Tom)........

......and also add a Read-Only Administrator (Pat) so that we can verify what each has permissions to do.

Let's first remind ourselves what "Full Access" looks like.

Now log into the Intune console as Tom.

This is the limited console view of the new "Helpdesk Administrator". It is not possible to carry out any configuration or policy change.

The Helpdesk Administrator can only perform Remote Lock and Password Reset on the devices.

Now log into the console as Pat. Remember Pat is now a Read-Only Administrator. He will not be able to modify configuration or policies.

He cannot perform management tasks on the devices.

He can however create reports.

Pat can customise the report.

Final report.

I believe that the new "Helpdesk Administrator" role will be very useful addition to the Intune device management capability.

No comments:

Post a Comment