Microsoft Intune · Role Administration
Intune Role Administrator
Manages custom Intune roles and adds assignments for built-in Intune roles. The only Intune role that can assign permissions to administrators.
Scope: Intune RBAC management
Permissions
- Roles - Full CRUD + Assign
- Organization - Read
Common use cases
- Creating custom Intune roles
- Assigning built-in and custom roles to groups
- Managing role scope tags
- Delegating Intune administration
Best practices
- Limit to IAM/security team members
- Document custom role purposes and permissions
- Use scope tags to limit administrative boundaries
- Review role assignments periodically
Security considerations
- Can grant any Intune permission to any group
- Only role that can assign Intune permissions
- Changes affect entire Intune administrative model