Hello, Configuration Manager, Role Based Access Control is now in Intune. Role Based Access Control (RBAC) in Intune enables you to easily define who can perform various Intune tasks within your organization, and who those tasks apply to.

Integration with Azure AD Directory Roles

The new Intune admin experience on Azure delivers deeper levels of integration with Azure Active Directory.

  • Global Administrator / Company Administrator: users in this role have access to all administrative features in Azure Active Directory, including conditional access. They can also manage all of Intune.
  • User Administrator: users in this role can manage users and groups but cannot manage all of Intune.
  • Intune Service Administrator: users in this role can manage all of Intune, including management of users and devices, as well as group creation and management. This role does not allow for management of Azure Active Directory Conditional Access settings.
  • Conditional Access Administrator: users in this role can manage Azure Active Directory Conditional Access policies, but not all of Intune.

Pre-defined roles built into Intune:

  • Policy and Profile Manager: users in this role have rights to manage configuration and compliance policies.
  • Application Manager: users in this role have rights to manage mobile and Intune managed app protection policies.
  • Helpdesk Operator: users in this role have rights to manage tasks appropriate for end-user service desk support personnel.
  • Read Only Operator: users in this role have rights to view Intune information without the ability to change configurations and policies.
  • Intune Role Administrator: users in this role have rights to manage Intune roles.

NOTE: You can also create custom roles with any permissions.