cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

InTune Delegation for large enterprise with multiple OpCos?

Tom Fuchs
Copper Contributor

‎Oct 03 2018 03:07 PM

‎Oct 03 2018 03:07 PM

InTune Delegation for large enterprise with multiple OpCos?

Hello,

 

Our customer has 60k entities in their AAD tenant and a single Microsoft contract. There are 5 operating companies (OpCo) under that umbrella. Admins in each OpCo needs to be able to manage just their users. I recall hearing about Administrative Units concept in AAD. Not sure if that helps with the InTune questions. Can anyone confirm or point me in the right direction.
Best Regards,
Tom

Labels:
1,958 Views
0 Likes
3 Replies
Reply
3 Replies
Eli Shlomo

‎Oct 03 2018 03:33 PM

‎Oct 03 2018 03:33 PM

Re: InTune Delegation for large enterprise with multiple OpCos?

Hi Tom,

 

There are Role Based Access Controls in Intune that has great flexibility and control to ensure your administrators have the right permissions to perform their specific job and no more.

The RBAC includes at the top specific roles and role assignment with specific permissions, and one of the examples is the following URL Intune RBAC.

 

You can leverage the permissions with administrative units and central administrators to delegate permissions to regional administrators or to set policy at a granular level and is useful in organizations with independent teams/region/division.

 

For your organization, the first stage can be with Intune RBAC and after continue with AU administration.

Tip: Prepare a matrix for your admins, permissions required and list of roles they need and from this point, you will be able to provide the relevant delegation. 

 

Eli.

1 Like
Reply
Tom Fuchs

‎Oct 03 2018 05:37 PM

‎Oct 03 2018 05:37 PM

Re: InTune Delegation for large enterprise with multiple OpCos?

Thank you. This is exactly what I was looking for.

Best Regards,

Tom

0 Likes
Reply
Jake Stoker

‎Oct 07 2018 01:40 PM

‎Oct 07 2018 01:40 PM

Re: InTune Delegation for large enterprise with multiple OpCos?

Adding to Eli's reply you can also use Scope Tags in Intune to filter which policies certain roles can see. https://docs.microsoft.com/en-us/intune/scope-tags

0 Likes
Reply