How to Create a Custom Role in Intune
In large organizations, multiple IT teams work on different projects and they need different rights. It does not make sense to provide Global administrator or Intune Service Administrator rights to everyone. That is why we have Intune Custom-based roles which can be created to handle different services. In this article, we will create a custom Intune role for the Help desk to wipe and sync the Intune devices.
Login to Endpoint Manager using https://endpoint.microsoft.com/
Select Tenant administration and Roles.
Select All Roles and create a new custom role in Intune.
Enter Intune custom role name
You need to select which permissions should be assigned to this role, in this article we will assign 2 permissions which are Wipe and Sync
You can assign scope tags if you are using them.
Review and create Intune custom role.
A New Intune role has been created and the next step is to assign the group.
Select the new role and select assignment
Select assign and enter the name for assignment of this new Intune role.
Assign the group which will have these role permissions
Assign scope group if you have created scope groups already or you can assign “Add all users” that will provide rights on all users’ devices in the tenant.
Review & create the assignment after reviewing all the settings.