Forum Discussion
Two different Office packages group-related on one device
Hello everyone,
Computers in a device group (A) in Intune may only receive Teams from the Office Packet.
Another group (B) receives the Office package completely based on user groups.
What is the best way to ensure that a person from user group (B) who logs on to computers in device group (A) also gets their entire complete Office package there, but without other people on the device also being able to use the entire Office package (except Teams)?
Unfortunately, the current situation is that if the user logs on to a device with the authorizations for the entire Office package, everyone else can then also access the complete Office package.
I would be grateful for any help in this regard.
Best regards
Hi Stefan_Adorjan,
User permissions
Microsoft Intune uses role-based access control (RBAC) to manage user permissions. RBAC allows you to assign roles to users, which define the permissions they have. There are both built-in and custom roles available.
To create, edit, or assign roles, you must have one of the following permissions:
- Global Administrator
- Intune Service Administrator
To assign a role to a user:- Sign in to the Microsoft Intune admin center.
- Select Users > All users.
- Select the user you want to assign a role to.
- Select Assigned roles > Add assignments.
- In the Directory roles pane, select the roles you want to assign to the user.
- Select Add.
- Office app policies
Intune also provides policies specifically for Microsoft Office apps.
These policies allow you to configure how Office apps are used on managed devices.To add an Office app policy:
- Sign in to the Microsoft Intune admin center.
- Select Apps > Policies for Office apps > Create.
- Enter a name and description for the policy.
- Select how the policy will be applied and which group the policy will apply to.
- Configure the policies you want to apply.
- Select Create.
Role-based access control (RBAC) with Microsoft Intune | Microsoft Learn
Policies for Office apps - Microsoft Intune | Microsoft Learn
windows - Restrict users from local accounts on Intune devices? - Server FaultPlease click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
1 Reply
Hi Stefan_Adorjan,
User permissions
Microsoft Intune uses role-based access control (RBAC) to manage user permissions. RBAC allows you to assign roles to users, which define the permissions they have. There are both built-in and custom roles available.
To create, edit, or assign roles, you must have one of the following permissions:
- Global Administrator
- Intune Service Administrator
To assign a role to a user:- Sign in to the Microsoft Intune admin center.
- Select Users > All users.
- Select the user you want to assign a role to.
- Select Assigned roles > Add assignments.
- In the Directory roles pane, select the roles you want to assign to the user.
- Select Add.
- Office app policies
Intune also provides policies specifically for Microsoft Office apps.
These policies allow you to configure how Office apps are used on managed devices.To add an Office app policy:
- Sign in to the Microsoft Intune admin center.
- Select Apps > Policies for Office apps > Create.
- Enter a name and description for the policy.
- Select how the policy will be applied and which group the policy will apply to.
- Configure the policies you want to apply.
- Select Create.
Role-based access control (RBAC) with Microsoft Intune | Microsoft Learn
Policies for Office apps - Microsoft Intune | Microsoft Learn
windows - Restrict users from local accounts on Intune devices? - Server FaultPlease click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)