Role-based administration control

Quick tip: Assign scope tags to devices by using security groups

by

This week is also a relatively short blog post. However, this week is about a recently introduced feature in Microsoft Intune. That feature is the ability assign a scope tag to all devices in a specific security group. Like last week it’s a relatively simple feature, but also like last week that simple feature makes life a lot easier. A few months ago I did a post about adding scope tags to devices. In that time it was still a manual action per device, which could be automated via PowerShell. In this post I’ll show how that this configuration can now be achieved by using a security group and what the result of that configuration is. Configuration Now let’s start by having a look at …

Read more

Intune role-based administration control and devices

by

This week a little bit about role-based administration control (RBAC) in combination with devices, in Microsoft Intune. I specifically want to look at that combination, as the RBAC-model in Microsoft Intune differs in that area from how the RBAC-model works in Configuration Manager. Within Configuration Manager a delegated administrator would be a combination between a security role (that defines the permissions and a security scope (that defines the objects). In that case the security scope is a combination between tagged objects and users and devices in specified collections. Specifically that last section, regarding the collections, is were the RBAC-model differentiates from Microsoft Intune. In this post I want to provide a short introduction to the different pieces of RBAC in Microsoft Intune, followed by how …

Read more