Run as admin on intune devices - role

Hi all,


What role can I give a user if we want to allow them to be able to run as admin on intune managed devices without giving global admin? 



Do you use LAPS on your devices?
We dont use LAPS
Cloud LAPS, EPM are the recommended options. Alternatively, you can elevate the permissions of the enrolled user using JIT and PIM. Maybe this can help -
That's a great input, I would do the same :)