Forum Discussion

BFL's avatar
BFL
Copper Contributor
Nov 26, 2024

Intune Admin Centre Global Admin access

Hello, hoping someone can help with this one. None of our Global Admin accounts can access the Intune Admin Centre. We have checked licence and that all seems to be fine, removed and re assigned role...
Intune
kyazaferr's avatar
kyazaferr
Iron Contributor

If your Global Admin accounts cannot access the Intune Admin Center, even after ensuring licensing and role assignment appear correct, there may be other factors at play. Here's a structured troubleshooting approach to help resolve the issue:

Verify Global Admin Permissions

Although Global Admins should have access to all areas, ensure the accounts are not restricted by:

  • Conditional Access Policies: Check if there are Conditional Access policies in Microsoft Entra (formerly Azure AD) that might block access to Intune Admin Center for those accounts.
    • Navigate to Entra ID > Conditional Access and review policies targeting "Global Admins" or "All Users."
    • Specifically, check for policies with access requirements for Intune or Microsoft Endpoint Manager Admin Center.
  • Role Assignments in Entra ID: Confirm that the accounts are not inadvertently excluded from permissions needed for Intune management. The required roles include:
    • Intune Administrator
    • Global Admin

Licensing Validation

Ensure that the accounts meet licensing requirements:

  • Verify that the Microsoft 365 E3/E5, EMS E3/E5, or Intune licenses are active for the affected accounts.
  • Reassign licenses temporarily to test if the issue is related to licensing sync delays.

Review Intune Service Status

Check for any ongoing service issues with Intune:

  1. Go to the Microsoft 365 Admin Center.
  2. Navigate to Service health.
  3. Look for reported issues affecting Intune or the Endpoint Manager Admin Center

 

Browser and Access Issues

  • Browser Caching: Clear browser cache or try a different browser to eliminate session-related issues.
  • Private/Incognito Mode: Attempt to log in using private browsing to bypass potential extensions or cached conflicts.
  • Network Restrictions: Verify that there are no firewall or network restrictions blocking access to the Microsoft Endpoint Manager Admin Center

Use PowerShell to Validate Permissions

Run the following PowerShell commands to validate Intune permissions for the Global Admin account:

Install-Module -Name Microsoft.Graph.Intune
Connect-MSGraph

Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq 'user-object-id'"

Check if the roles align with Global Admin or Intune Administrator.

Attempt Role Elevation

Although Global Admins should have full access, try explicitly assigning the Intune Administrator role to the affected accounts via:

  1. Entra ID (Azure AD):
    • Navigate to Roles and Administrators > Intune Administrator.
    • Assign the role to the affected Global Admin accounts.
  2. Wait 15–30 minutes for the changes to propagate.
KevJackson88's avatar
KevJackson88
Copper Contributor
Nov 28, 2024

Hi. Can an Intune Administrator not access the portal either?
That's weird. If you can get at least some admin access i'd check the Tenant Administration > Roles > Administrator Licensing
I think a recent update allowed all non-licences Intune admins in by default, but yours may have got stuck somehow?
Failing that i'd be looking more closely at CA Policies.

Resources