Forum Discussion

BFL's avatar
BFL
Copper Contributor
Nov 26, 2024

Intune Admin Centre Global Admin access

Hello, hoping someone can help with this one. None of our Global Admin accounts can access the Intune Admin Centre. We have checked licence and that all seems to be fine, removed and re assigned roles and made a brand new account with no luck. Fast running out of ideas, anyone have any ideas what to do next? 

  • kyazaferr's avatar
    kyazaferr
    Iron Contributor

    If your Global Admin accounts cannot access the Intune Admin Center, even after ensuring licensing and role assignment appear correct, there may be other factors at play. Here's a structured troubleshooting approach to help resolve the issue:

    Verify Global Admin Permissions

    Although Global Admins should have access to all areas, ensure the accounts are not restricted by:

    • Conditional Access Policies: Check if there are Conditional Access policies in Microsoft Entra (formerly Azure AD) that might block access to Intune Admin Center for those accounts.
      • Navigate to Entra ID > Conditional Access and review policies targeting "Global Admins" or "All Users."
      • Specifically, check for policies with access requirements for Intune or Microsoft Endpoint Manager Admin Center.
    • Role Assignments in Entra ID: Confirm that the accounts are not inadvertently excluded from permissions needed for Intune management. The required roles include:
      • Intune Administrator
      • Global Admin

    Licensing Validation

    Ensure that the accounts meet licensing requirements:

    • Verify that the Microsoft 365 E3/E5, EMS E3/E5, or Intune licenses are active for the affected accounts.
    • Reassign licenses temporarily to test if the issue is related to licensing sync delays.

    Review Intune Service Status

    Check for any ongoing service issues with Intune:

    1. Go to the Microsoft 365 Admin Center.
    2. Navigate to Service health.
    3. Look for reported issues affecting Intune or the Endpoint Manager Admin Center

     

    Browser and Access Issues

    • Browser Caching: Clear browser cache or try a different browser to eliminate session-related issues.
    • Private/Incognito Mode: Attempt to log in using private browsing to bypass potential extensions or cached conflicts.
    • Network Restrictions: Verify that there are no firewall or network restrictions blocking access to the Microsoft Endpoint Manager Admin Center

    Use PowerShell to Validate Permissions

    Run the following PowerShell commands to validate Intune permissions for the Global Admin account:

    Install-Module -Name Microsoft.Graph.Intune
    Connect-MSGraph

    Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq 'user-object-id'"

    Check if the roles align with Global Admin or Intune Administrator.

    Attempt Role Elevation

    Although Global Admins should have full access, try explicitly assigning the Intune Administrator role to the affected accounts via:

    1. Entra ID (Azure AD):
      • Navigate to Roles and Administrators > Intune Administrator.
      • Assign the role to the affected Global Admin accounts.
    2. Wait 15–30 minutes for the changes to propagate.
    • KevJackson88's avatar
      KevJackson88
      Copper Contributor

      Hi. Can an Intune Administrator not access the portal either?
      That's weird. If you can get at least some admin access i'd check the Tenant Administration > Roles > Administrator Licensing
      I think a recent update allowed all non-licences Intune admins in by default, but yours may have got stuck somehow?
      Failing that i'd be looking more closely at CA Policies.

  • BFL's avatar
    BFL
    Copper Contributor

    Hello 

    Thank you very much for the reply. Having gone through all the steps we can still not get into Intune. The error code we are getting back is 403 witch o believe to be insufficient privileges. If it makes a difference we are using Office 365 A3 for faculty licence. 

    Thank you 

Resources