Forum Discussion
BMO_Rob
Jan 20, 2023
Copper Contributor
Autopatch Admin Role
I want to onboard a new Intune administrator who should only have permissions to manage Autopatch, e.g. enroll devices in the service, move devices between rings, monitor announcements, submit Autopatch-related support requests, add devices to the Autopatch device group, view Autopatch-related reports, rings, etc.
What are the minimum permissions that are required to do so? What role provides the least privileges to the admin while still allowing them access to all the Autopatch features?
This admin won't have a requirement to onboard the Autopatch service, i.e. does not require Global Admin.
2 Replies
- Andre Della Monica
Microsoft
Thanks for the feedback here, BMO_Rob! The default roles Autopatch requires are: 1) Azure Global Admin and 2) Intune Service Administrator. However, you can add less-privileged user accounts into the Modern Workplace Roles - Service Administrator Azure AD group (this group is created during the Autopatch tenant enrollment process). User accounts that are part of this group can perform the operations you described above. See more details on what I'm saying here in this doc: https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#built-in-roles-required-for-device-registration
- BMO_Rob
Copper Contributor
Thanks Andre Della Monica
This is very helpful.
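
The group-based delegation described in the reply above, as an added example that is not part of the original thread or of Microsoft's documentation: it adds one account to the group named in the reply and then lists the group's members for review. It assumes the Microsoft Graph PowerShell module is installed; the user principal name is a constructed placeholder.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell modules are installed and
# the signed-in operator is allowed to manage membership of this group.
#Requires -Modules Microsoft.Graph.Groups, Microsoft.Graph.Users

$GroupName = 'Modern Workplace Roles - Service Administrator'  # group name as given in the reply
$AdminUpn  = 'autopatch.admin@contoso.example'                  # constructed placeholder account

# Request only the scopes needed to read the user and change group membership.
Connect-MgGraph -Scopes 'GroupMember.ReadWrite.All', 'User.Read.All'

# Resolve the group and refuse to continue on zero or several matches,
# so the account is never added to a look-alike group.
$matches = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($matches.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($matches.Count)."
}
$group = $matches[0]

# Resolve the account; stop if it does not exist.
$user = Get-MgUser -UserId $AdminUpn -ErrorAction Stop

# Add the account only if it is not already a member (keeps the script re-runnable).
$members = @(Get-MgGroupMember -GroupId $group.Id -All)
if ($members.Id -contains $user.Id) {
    Write-Host "$AdminUpn is already a member of '$GroupName'."
}
else {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
    Write-Host "Added $AdminUpn to '$GroupName'."
}

# List current membership so the delegation can be reviewed periodically.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object {
        [pscustomobject]@{
            DisplayName       = $_.AdditionalProperties['displayName']
            UserPrincipalName = $_.AdditionalProperties['userPrincipalName']
            ObjectId          = $_.Id
        }
    } |
    Sort-Object UserPrincipalName |
    Format-Table -AutoSize
```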