How to Create a Custom Role in Intune

In large organizations, multiple IT teams work on different projects and need different rights. It does not make sense to grant Global Administrator or Intune Service Administrator rights to everyone. That is why Intune supports custom roles, which can be created to handle different services. In this article, we will create a custom Intune role that lets the Help desk wipe and sync Intune devices.

Log in to Endpoint Manager at https://endpoint.microsoft.com/

Select Tenant administration and Roles.
Select All Roles and create a new custom role in Intune.

Enter the Intune custom role name.

Select which permissions should be assigned to this role. In this article we will assign two permissions: Wipe and Sync.

You can assign scope tags if you are using them.

Review and create the Intune custom role.

A new Intune role has been created, and the next step is to assign the group.

Select the new role and select assignment.

Select assign and enter a name for the assignment of this new Intune role.

Assign the group which will have these role permissions.

Assign a scope group if you have already created scope groups, or select “Add all users”, which grants rights over all users’ devices in the tenant.

Review and create the assignment after checking all the settings.
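
To confirm that a help desk role like the one built above still carries only Wipe and Sync and is not scoped to every user in the tenant, the following added example (not part of the original article) audits an exported role definition. The JSON shape, the action strings and the scopeType values are assumptions modelled on Microsoft Graph role definitions, and the sample data is constructed.

```python
import json

# Assumed identifiers (not from the article): confirm the exact strings
# against a role definition exported from your own tenant.
APPROVED_ACTIONS = {
    "Microsoft.Intune_RemoteTasks_Wipe",
    "Microsoft.Intune_RemoteTasks_SyncDevice",
}
TENANT_WIDE_SCOPES = {"allDevices", "allLicensedUsers", "allDevicesAndLicensedUsers"}

# Constructed sample export: two custom roles with their assignments.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Helpdesk Wipe and Sync",
   "rolePermissions": [{"resourceActions": [{"allowedResourceActions": [
       "Microsoft.Intune_RemoteTasks_Wipe",
       "Microsoft.Intune_RemoteTasks_SyncDevice"]}]}],
   "roleAssignments": [{"displayName": "Helpdesk EMEA",
                        "scopeType": "resourceScope",
                        "resourceScopes": ["<scope-group-id>"]}]},
  {"displayName": "Helpdesk Wipe and Sync (copy)",
   "rolePermissions": [{"resourceActions": [{"allowedResourceActions": [
       "Microsoft.Intune_RemoteTasks_Wipe",
       "Microsoft.Intune_RemoteTasks_SyncDevice",
       "Microsoft.Intune_RemoteTasks_Retire"]}]}],
   "roleAssignments": [{"displayName": "Helpdesk all",
                        "scopeType": "allLicensedUsers",
                        "resourceScopes": []}]}
]
""")


def allowed_actions(role):
    """Flatten allowedResourceActions across every rolePermissions entry."""
    return {action
            for perm in role.get("rolePermissions", [])
            for res in perm.get("resourceActions", [])
            for action in res.get("allowedResourceActions", [])}


def audit_role(role, approved=APPROVED_ACTIONS):
    """Return (finding, role name, detail) tuples for one role definition."""
    name = role.get("displayName", "<unnamed>")
    findings = [("excess-permission", name, action)
                for action in sorted(allowed_actions(role) - approved)]
    for assignment in role.get("roleAssignments", []):
        if assignment.get("scopeType") in TENANT_WIDE_SCOPES:
            findings.append(("tenant-wide-scope", name, assignment.get("displayName")))
    return findings


if __name__ == "__main__":
    for role in SAMPLE_EXPORT:
        for finding in audit_role(role):
            print(*finding, sep=" | ")
```

Running the audit on a schedule surfaces permission drift on a cloned or edited role and assignments that were created with the tenant-wide option instead of a scope group.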