May 25 2020 05:09 AM
Hi,
I was testing some configurations with scope tags and apps.
The setup is straight forward, I have 3 scope tags based upon security groups containing the devices to represent a region.
Prior to starting with the scope tags, there were already apps imported (Managed Google Play & Apple App Store). These are all assigned to the default scope tag.
Now when I'm logged as a delegated admin which only has permissions to add apps for a region, defined by the scope, I cannot see these apps which is expected because it's not shown (assigned) for that scope (region). When I want to add one of these apps that are already imported, I see 2 different scenarios:
I've been thinking about some workarounds for this:
Has anyone ever come across such a use case or would like to share any thoughts on this?
Thanks,
Bart
May 25 2020 10:53 AM
SolutionMay 26 2020 02:00 PM - edited May 26 2020 02:19 PM
@Thijs Lecomte Thanks for your insights!
I was thinking along the same path in regards for adding apps as there is no technical option to implement this otherwise.
*edit*
I also noticed that when importing a new app from Managed Google Play by a delegated admin in the scope, that this app is assigned the default scope tag and is only visible by the Intune admin.
I'm also playing with the app assignment for iOS, because even though it's possible to import the app again in the delegated scope and getting 2 instances in the Intune admin view, it isn't clear to me what the result would be when the assignment in required enforced by the global/Intune admin vs assignment by the delegated admin. For the first results it looks like the assignment from the delegated admin has higher precedence, but I haven't tested all the scenario's yet...
May 25 2020 10:53 AM
Solution