Intune 403 error - When accessing InTune Portal

Ali Fadavinia · ‎Apr 30 2021

Hi Intune Community,

I have two users who I have given them the Application Manager role with full access, under Tenant Admin --> MEM roles but they are receiving following access error when they try to reach Intune/Endpoint Manager: 403 Error - Intune.png

I read https://techcommunity.microsoft.com/t5/microsoft-intune/401-and-403-error-when-logging-into-endpoint... link, which does not apply to our environment. As we already have the MDM set-up and running.

Any thoughts/help appreciated.

Rudy_Ooms_MVP · ‎Apr 30 2021

Hi,

I don't know for 100% sure if this still applies... but I guess it's worth taking a look at it:

https://www.enhansoft.com/how-to-add-the-intune-service-administrator-directory-role-to-a-user-accou....

Ali Fadavinia · ‎Apr 30 2021

Thanks for your reply,

We dont want to give admin role, as it has full privileges. They shouldn't be given tat role.

They just need to manage the apps(upload, change properties ,assignments,etc.) so that is why I gave them MEM roles.

Rudy_Ooms_MVP · ‎Apr 30 2021

Hi...

Ahhh okay. Pretty good point. Do you have configured scoping or only added the user/group to the buildin role

Does the user have access to other parts like device configuration profiles? Just tested it my self.. I made a copy of the application manager role and assigned it the the Intune_app_group (my tset ser is a member) and included all devices and users... it took about 5/10 minutes before i could access the application page (the first time I logged in ... i had the same error)

Ali Fadavinia · ‎May 03 2021

I wish Microsoft had better documentation for its platforms and Services.

Yes, that is exactly what I did.

I created a group and add those members there; then assign that group to my custom Role- exactly what you shared. But same error

Ali Fadavinia · ‎May 03 2021

I think I figure out what is going on:

I checked the definition between Members & Scope for my role(application manager) :

Members: All users in the listed Azure security groups have permission to manage the users/devices that are listed in Scope (Groups).
Scope (Groups): All users/devices in these Azure security groups can be managed by the users in Members.

So, for Members it should be the group I wanna give the power/privileges to

but for Scope: it should be all devices, all users [ not limited to the assigned group - this is where I was doing wrong ]

Now, the users can access to Endpoint Manager

Ali Fadavinia · ‎May 03 2021

Hi.

the microsoft documentation is a little bit hard to read. But yes indeed... just like the screenshot I posted.. All devices/All users otherwise it is not going to work

Ali Fadavinia · ‎May 03 2021

Good R&D virtually, high give! ;)

LordeAstorWest · ‎Mar 30 2023

I was having the same issue and after much google searching and digging found this link on another post. I tried it and it worked perfectly for me. Now I am able to access everything.

https://support.microsoft.com/en-us/office/set-up-basic-mobility-and-security-dd892318-bc44-4eb1-af0...

Ali Fadavinia · ‎May 03 2021

Hi.

the microsoft documentation is a little bit hard to read. But yes indeed... just like the screenshot I posted.. All devices/All users otherwise it is not going to work

View solution in original post

Intune 403 error - When accessing InTune Portal

Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Re: Intune 403 error - When accessing InTune Portal

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Intune 403 error - When accessing InTune Portal