Microsoft Intune · Support & Operations
Read Only Operator
Views user, device, enrollment, configuration, and application information. Cannot make changes to Intune.
Scope: Read-only access to the entire Intune console
Permissions
- All Intune areas - Read only
- Device compliance policies - Read + View reports
- Device configurations - Read + View reports
- Managed devices - Read + View reports
- Mobile apps - Read
- Endpoint Analytics - Read
- Security baselines - Read
- Audit data - Read
- Remote tasks - Get FileVault key only
Common use cases
- Auditors reviewing Intune configuration
- Managers needing visibility without change capability
- Reporting and analytics users
- Compliance monitoring
Best practices
- Use for audit and oversight roles
- Assign to stakeholders needing visibility only
- Combine with other read-only roles for broader access
- Use for automated reporting integrations
Security considerations
- Can view audit data and device information
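- Can retrieve FileVault recovery keys (macOS); a recovery key unlocks the device's encrypted disk, so this role is sensitive even though it is read-only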
- Has access to view all policy configurations