Forum Discussion
Steve Whitcher
Aug 13, 2020 Bronze Contributor
What admin role grants permission to view devices' BitLocker recovery keys?
Which of the standard admin roles is required to view BitLocker recovery keys for a device in Intune?
creatoni4
Mar 30, 2021 Copper Contributor
This is a real pain,
especially when you have scope separation in Endpoint Manager and you use RBAC to separate offices' equipment.
Of course I cannot grant helpdesk admins on AAD... that is definitely not LEAST Privilege.
That's an AAD issue BTH. It is not possible to assign a role to a scope... there are no scopes at all.
Joshua Bines
May 11, 2021 Iron Contributor
Seems like Azure AD Administrative Units are not helpful in this space either.
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/41324467-add-devices-to-administrative-units
- Joshua Bines, May 19, 2021, Iron Contributor: They do have the helpdesk role available for AU, but we just need the ability to add the devices, which will come in time, I'm sure 🙂
- Thijs Lecomte, May 13, 2021, Bronze Contributor: In order to fully solve this issue, we need to have devices support in AU with custom roles. Let's hope it's here sooner rather than later.