Forum Discussion
Powershell and credentials
Probably this is a very common topic. I would like to supply some scripts to the support team, that should run with very high privileges, but I don't want them to have those privileges. Can anyone h...
What kind of tasks are you talking about?
You would need to build some kind of interface so that users do not get the credentials, but this depends entirely on the use case
You would need to build some kind of interface so that users do not get the credentials, but this depends entirely on the use case
Thijs Lecomte , first thanks for your answer.
They are tasks related to the user and device management. Usually, they would require Intune Administrator, Device Administrator, User Administrator roles but definitely, they are too powerful to be assigned. Now they are working using PIM, but anyway I feel it would be great to let an application do the job with appropriate permissions, and let the Support Team work with minimum privileges. That said, any recommendations are very welcomed. I feel a bit lost.
- Have you looked into scope tagging for Intune?
https://tech.nicolonsky.ch/intune-scope-tags-rbac-explained/
I use it for this scenario exactly at multiple customers.
Some admins only have to view data within Intune