🔐 How to Find and Manage Roles in Microsoft Intune (Endpoint Manager)

-

 Role-Based Access Control (RBAC) in Microsoft Intune lets you define who can view and manage specific configurations, policies and devices. This guide shows how to locate, review and assign roles in the Microsoft Endpoint Manager admin center.

Where to find roles

  1. Sign in to Microsoft Endpoint Manager admin center.

  2. From the left menu, select Tenant administration.

  3. Open RolesRoles by permission to filter by category or permission.

  4. Use the search box and column filters to quickly find a role or permission.

View roles by permission

  • In Roles by permission, set Category (e.g. ServiceNow) to view related roles.

  • Set Permission (e.g. View Incidents) to list roles that include that permission.

  • Review the results shown:

    • Role display name

    • Role assignment type (built-in or custom)

    • Role name



Filtering by permission helps identify which roles grant access to specific features or integrations.

Review role properties & assign roles

  1. Click a role to open Properties.




  2. Under Basics, read the description and the full list of Permissions.

  3. Go to Assignments to see current assignments.

  4. To create a new assignment:

    • Click Assign.

    • Select a security group as the member.

    • Apply scope tags to limit visibility.

    • Set an assignment duration if required.

Tip: Always assign roles to groups, not individual users — it simplifies management and auditing.




Security & best practices

  • Apply least privilege — only grant required permissions.

  • Use groups and scope tags to segment access.

  • Prefer built-in roles when suitable; create custom roles only when needed.

  • Test new assignments with a dedicated test account before production.

  • Monitor audit logs after changes.

  • Document each assignment (owner, purpose, expiry).

Kommentarer

Skicka en kommentar

PopulÀra inlÀgg i den hÀr bloggen

🚀 Force Reinstallation of an Intune App

-
Bild
  – When Intune refuses to reinstall a program you’ve already removed Sometimes an application deployed through Microsoft Intune won’t reinstall even after you’ve manually uninstalled it. That’s because Intune tracks installation status using both registry entries and detection rules to decide whether an app is already present. Here’s how to fully reset that state and force a reinstallation — step by step. 💡 Why Intune won’t reinstall the app When a Win32 app is deployed via Intune, the Intune Management Extension stores app metadata in the Windows registry under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps This registry data tells Intune which apps are installed, when, and by which user. On every policy sync, Intune checks the detection rule defined for the app. If the detection rule still reports the app as “installed” — even though you removed it — Intune will skip reinstallation . 🔧 Step-by-Step Guide 1️⃣ Uninstall the App F...
Read more »

🚀 Windows Autopilot Self-Deploying Mode — Zero-Touch Setup That Feels Like Magic

-
Bild
Just imagine this: You unwrap a brand-new PC or reinstall Windows 11 from scratch… and before you even touch the keyboard, the device automatically: ✅ Joins Microsoft Entra ID (Azure AD) ✅ Syncs all Intune apps, settings, and policies ✅ Lands straight on the sign-in screen — ready for the user No technician. No clicks. No wasted time. That’s Windows Autopilot Self-Deploying Mode — effortless, hands-free provisioning that just works. The only prerequisite? Register the device’s Hardware Hash (HWID) in Intune first. Here’s the cleanest 10-minute setup guide to make it happen — perfect for brand-new or freshly reinstalled devices. ⚡ Step-by-Step: Configure Windows Autopilot Self-Deploying Mode in Under 10 Minutes 1️⃣ Start Fresh Use a new PC or perform a clean Windows 11 installation (OOBE stage). 2️⃣ Insert a USB Drive 3️⃣ Identify the Drive Letter Press Shift + F10 , open PowerShell, and run: Get-Volume Find your USB drive letter (e.g., E:). 4️⃣ Run the Script Execute: .\auto...
Read more »

Boost Your Graphics Power med GPU-acceleration i Azure Virtual Desktop!

-
Bild
  🎯 Purpose Optimize performance for Remote Desktop sessions by enabling GPU acceleration and video optimization via Microsoft Intune or Group Policy (GPO). 🧠 Prerequisites & Requirements Required skills: Basic knowledge of Windows device management Experience with Microsoft Intune or Group Policy Understanding of Remote Desktop (RDP/AVD) concepts Technical requirements: Windows 10/11 on session hosts GPU-enabled VMs (e.g., NVv3, NVadsA10 v5, NCasT4_v3) Microsoft HEVC codec installed on client devices Proper GPU drivers installed (NVIDIA GRID or AMD) 1. Sign in Go to: https://intune.microsoft.com 2. Create or edit a configuration profile Go to Devices > Configuration profiles Click Create profile Select: Platform: Windows 10 and later Profile type: Settings catalog 3. Add settings Click Add settings and browse to: Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host ...
Read more »