Seperate Intune administrators for smartphones and laptops devices?

Occasional Contributor


I have 1 O365/Azure tenant. We have implemented intune for the Windows laptops by MicrosoftPartnerA. Now we would like to implement intune for smartphones by MicrosoftPartnerB (specialised in mobile devices). How can I seperate the administrators permissions of these 2 companies? They don't like it to have access in each other settings. RBAC? Another Azure tenant wit a sync with AAD? Please help.

 

6 Replies

@Harm_Veenstra  thank you. Where can I find all RBAC roles?

You can assign a built-in or custom role to an Intune user.

To create, edit, or assign roles, your account must have one of the following permissions in Azure AD:

Global Administrator
Intune Service Administrator

In the Microsoft Endpoint Manager admin center, choose Tenant administration > Roles > All roles.
Thank you @Harm_Veenstra , Isn't there any official documentation with all the roles and description?
I answered your question regarding seperating certain things in Intune using a custom role and scope tags, an overview of Intune Admin roles is here https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac?view=o3...