Forum Discussion
Steve Whitcher
Aug 13, 2020, Bronze Contributor
What admin role grants permission to view devices' BitLocker recovery keys?
Which of the standard admin roles is required to view BitLocker recovery keys for a device in Intune?
Thijs Lecomte
Feb 03, 2021, Bronze Contributor
I agree, it's a pain 😕
Ken Rappold
Feb 03, 2021, Brass Contributor
Thijs Lecomte and overpermissioned when all we need is L1 to access BitLocker keys for users.
- Joshua Bines, May 19, 2021, Iron Contributor: They do have the helpdesk role available for AU, but we just need the ability to add the devices, which will come in time, I'm sure 🙂
- Thijs Lecomte, May 13, 2021, Bronze Contributor: In order to fully solve this issue, we need to have device support in AU with custom roles. Let's hope it's here sooner rather than later.
- Joshua Bines, May 11, 2021, Iron Contributor: Seems like Azure AD Administrative Units are not helpful in this space either.
  https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/41324467-add-devices-to-administrative-units
- creatoni4, Mar 30, 2021, Copper Contributor: This is a real pain, especially when you have scope separation in Endpoint Manager and you use RBAC to separate offices' equipment.
  Of course I cannot grant helpdesk admins on AAD... that is definitely not LEAST privilege.
  That is an AAD issue, BTH. It is not possible to assign a role to a scope... there are no scopes at all.