Microsoft Intune · Device & Endpoint Management
School Administrator
Manages apps and settings for education groups. Can take remote actions on devices including lock, restart, and retire.
Scope: Education-focused device and app management
Permissions
- Device configurations - Full CRUD + Assign
- Mobile apps - Full CRUD + Assign + Relate
- Managed devices - Delete, Read, Set primary user, Update
- Remote tasks - Wipe, Retire, Lock, Reboot, Reset passcode, Locate, and more
- Enrollment programs - Full profile and token management
- Customization - Full CRUD + Assign
- Terms and conditions - Full CRUD + Assign
- Remote Help - Elevation, Full control, View screen
- Endpoint Analytics - Full CRUD
Common use cases
- K-12 and higher education IT administrators
- Managing student and teacher devices
- Deploying educational apps
- Remote device support for classrooms
Best practices
- Use with Intune for Education portal
- Scope to education-specific groups
- Leverage Express Configuration for quick setup
- Use group-based assignments for classes/grades
Security considerations
- Can wipe and retire devices
- Has Remote Help elevation capability
- Can reset device passcodes
- Can locate devices