Forum Discussion
Limit permissions on admins
We have a lot of users that needs to be Global Admins to be able to go in and wipe/delete mobile devices in Office 365 (intune).
I want to limit their permissions so that they no longer are Global Admins, but I can not find a description on what permissions they need. Anyone have limited admins that can manage mobile devices in 365?
1 Reply
Limiting Global Admins is a good idea! There are roles driven by Azure AD, have you seen them, if they are relevant like Intune Service Administrator.
https://blogs.technet.microsoft.com/intunesupport/2017/08/07/using-the-new-role-based-access-controls-in-intune/
https://docs.microsoft.com/en-us/intune/role-based-access-control
https://docs.microsoft.com/en-gb/azure/active-directory/active-directory-assign-admin-roles-azure-portal
The first link has a table with Intune Role Permissions.
