Microsoft Intune · Support & Operations
Help Desk Operator
Performs remote tasks on users and devices, can assign applications or policies to users or devices.
Scope: Tier 1/2 device support and troubleshooting
Permissions
- Remote tasks - Wipe, Retire, Lock, Reboot, Reset passcode, Locate device, and 15+ more
- Managed devices - Read, Set primary user, Update, View reports
- Remote Help - Elevation, Full control, Unattended control, View screen
- Mobile apps - Assign + Read
- Managed apps - Assign, Read, Wipe
- Device configurations - Read + View reports
- Device compliance policies - Read + View reports
- Enrollment programs - Read device, profile, token
- ServiceNow - View Incidents
Common use cases
- First-line device support
- Remote device troubleshooting
- Password reset and device unlock
- App assignment for users
- Device location for lost devices
Best practices
- Primary role for help desk staff
- Use with Remote Help for direct device support
- Combine with Helpdesk Administrator Entra role for password resets
- Train on remote task implications (wipe vs retire)
Security considerations
- Can wipe devices - removes all data
- Can retire devices - removes corporate data only
- Has Remote Help elevation capability
- Can locate devices - privacy consideration