There are lots of permissions that can be delegated in Intune/Microsoft365 Device Management. Understanding what each of those permissions is for and when to assign them is, therefore, a little difficult. With this post, I’ve gone through the task of outlining all of the delegate permissions in Intune as of September 2019. I’ll try to keep this up to date, but if I fail to, just leave a comment telling me something has changed and I’ll get things fixed.…
So far, this guide has covered terminology and theory used to develop Delegated Administrator roles for Intune’s RBAC system and how to create users with limited rights to Intune in Step by Step: Intune Admin Delegation with RBAC #1
Next, we covered building RBAC scope tags and assigning those tags with device groups in Step by Step: Intune Delegation with RBAC #2
For this article, we’ll cover the creation of an actual Role in Intune.…
I was going to include this in part 3 of my Intune RBAC guide, but it’s a lot of stuff, so I’m making a separate post for it. With that said, here are the permissions you will want to set for a normal, run of the mill iOS and Android device manager in Intune. This permission set has no Windows device permissions, so you will need to add those if you want a management role for all devices.…
In this part of the Intune Delegation with RBAC guide, I’ll go over the pieces you need. In the first part of this guide, I went over the terminology and concepts, so go back to that if you haven’t already read it. We’ll use those concepts and terms heavily from here on out.…
| Next >
RBAC
RBAC, or Role Based Access Control is a methodology for assigning permissions to users based on their job role(s). Administrative Rights delegation benefits from RBAC methodology by restricting rights to the people who need them without granting excessive permission. It contrasts with the most common AD access control methodology, Discretionary Access Control (DAC).…
Problem
Here’s a problem that comes up regularly when running searches in the Microsoft 365 Security and Compliance portal (As of this date, these portals are scheduled to be separated with the upcoming changes to the admin portal). When you run a search, you can’t preview or download search results. In the search preview, you get this message: “to preview search results, please ask your compliance admin to grant you preview permission.” In addition, there is no visible option for downloading anything other than an Excel based report for the search you perform.…
Cloud Concepts and Terminology
As a consultant who was working on Office 365 migrations shortly after it was released (well, renamed), I have worked on a log of migrations. Migrations are a always a project that can be difficult to manage if not done properly. As with any project, planning for a migration is extremely important.…
One of the most historically difficult problems to address in IT is usernames and passwords for multiple applications. We all have a multitude of accounts we have to manage. Bank accounts, social media, email, work accounts, cloud storage, and every other system we use relies on usernames and passwords to “authenticate” who we are. There are a number of different solutions for this problem, but the most user friendly method is a technique called “Identity Federation.” Now that the cloud is becoming more important to business functions, IT needs to simplify the relationship between devices that access corporate resources and the resources themselves.…
Office 365’s OneDrive is a wonderful tool for storing, sharing, and securing access to files of all types, but running an export of Office 365 data can be confusing. One of the rules for OneDrive is that, unless shared, data is normally only accessible by the user who owns the OneDrive folder. But when employees leave the company, accessing that data and exporting it to a more accessible location requires a bit of work.…
Microsoft has significantly changed the way admins export email in Office 365 are done by eliminating export tools in each application (Exchange, SharePoint, etc). There is now a single solution for exports, including Exchange PSTs, OneDrive, and SharePoint files. This central solution is the Security and Compliance center. Unfortunately, there isn’t much information on how to properly export data from Exchange Online now that the Compliance center in Exchange Admin is deprecated.…