Event banner
Event details
Is it possible to assign some specific permission for an IT admin to register the device for Autopilot without assign the Intune Administrator role?
Hi, device enrollment requires Intune Administrator or Policy and Profile Manager permissions. You can also create a custom Autopilot device manager role by using role-based access control. Here are a few docs that can help:
- https://docs.microsoft.com/en-us/mem/autopilot/add-devices#required-permissions
- https://docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control
- https://techcommunity.microsoft.com/t5/intune-customer-success/role-based-access-control-in-intune-identifying-tenant-wide-and/ba-p/1441249
Autopilot registrations were designed to be done at purchase time. Dell does this for us. Other OEMs and resellers also offer Autopilot registration as a service.
If you have Configuration Manager managed PCs, the hardware information has already been gathered for you and can be imported in bulk (small batches or they time out). Doing this will create an Autopilot object and an Azure AD Joined object for each. Once the device has enrolled using Autopilot, its AD + Azure AD Hybrid + Configuration Manager objects can be deleted.
select bios.SerialNumber0 as 'Serial Number' , os.SerialNumber0 as 'Windows Product ID' , mdm.DeviceHardwareData0 as 'Hardware Hash' , 'Default' as 'Order ID' from v_GS_PC_BIOS bios inner join v_GS_OPERATING_SYSTEM os on bios.ResourceID=os.ResourceID inner join v_GS_MDM_DEVDETAIL_EXT01 mdm on os.ResourceID=mdm.ResourceID