Autopatch Admin Role

Thanks for the feedback here, BMO_Rob! The default roles Autopatch requires are: 1) Azure Global Admin and 2) Intune Service Administrator, however, you can add less-privileged user accounts into the Modern Workplace Roles - Service Administrator Azure AD group (this group is created during the Autopatch tenant enrollment process). User accounts part of this group can perform the operations you described above. See more details to what I'm saying here in this doc: https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#built-in-roles-required-for-device-registration