Forum Discussion

JawanL's avatar
JawanL
Copper Contributor
Mar 11, 2022

Azure AD Roles

Is it possible to create a custom azure role that is specific for only one security group? I would like to grant a user access to view members of a specific security group that they are an owner of.
Abdurrahman_Ulu's avatar
Abdurrahman_Ulu
Copper Contributor
Mar 24, 2022

Hello, JawanL 

Azure has Role-Based Access Control (RBAC) for scope-based device management like Intune Administration, Application ADministration, etc. You can use Built-in roles or create your customized RBAC role according to your needs. You need an Administrator group under a role that will have assigned privileges for the target scope and device groups. I have been using different Intune roles at the District level and Campus level for our Distributed network with RBAC for a long time for my different Districts and School Campuses.

To use RBAC, you need a license of at least P1 level.

https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-overview

You can also use Administrative Units for user account management such as help desk, password, authentication methods, etc. You can assign administrators for specific roles and lists of target users or groups under Administrative Units.

Resources