Seperate Intune administrators for smartphones and laptops devices?

%3CLINGO-SUB%20id%3D%22lingo-sub-3026597%22%20slang%3D%22en-US%22%3ESeperate%20Intune%20administrators%20for%20smartphones%20and%20laptops%20devices%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3026597%22%20slang%3D%22en-US%22%3E%3CP%3E%3CBR%20%2F%3EI%20have%201%20O365%2FAzure%20tenant.%20We%20have%20implemented%20intune%20for%20the%20Windows%20laptops%20by%20MicrosoftPartnerA.%20Now%20we%20would%20like%20to%20implement%20intune%20for%20smartphones%20by%20MicrosoftPartnerB%20(specialised%20in%20mobile%20devices).%20How%20can%20I%20seperate%20the%20administrators%20permissions%20of%20these%202%20companies%3F%20They%20don't%20like%20it%20to%20have%20access%20in%20each%20other%20settings.%20RBAC%3F%20Another%20Azure%20tenant%20wit%20a%20sync%20with%20AAD%3F%20Please%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3026597%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3026870%22%20slang%3D%22en-US%22%3ERe%3A%20Seperate%20Intune%20administrators%20for%20smartphones%20and%20laptops%20devices%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3026870%22%20slang%3D%22en-US%22%3EYou%20can%20use%20RBAC%20and%20Scope%20Tags%2C%20don't%20know%20if%20that%20would%20fit%20your%20needs%3F%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Ffundamentals%2Fscope-tags%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Ffundamentals%2Fscope-tags%3C%2FA%3E%20%2F%20%3CA%20href%3D%22https%3A%2F%2Fblog.thinformatics.com%2F2020%2F03%2Frole-based-access-control-in-microsoft-endpoint-manager%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.thinformatics.com%2F2020%2F03%2Frole-based-access-control-in-microsoft-endpoint-manager%2F%3C%2FA%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3027051%22%20slang%3D%22en-US%22%3ERe%3A%20Seperate%20Intune%20administrators%20for%20smartphones%20and%20laptops%20devices%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3027051%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1209009%22%20target%3D%22_blank%22%3E%40Harm_Veenstra%3C%2FA%3E%26nbsp%3B%20thank%20you.%20Where%20can%20I%20find%20all%20RBAC%20roles%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor


I have 1 O365/Azure tenant. We have implemented intune for the Windows laptops by MicrosoftPartnerA. Now we would like to implement intune for smartphones by MicrosoftPartnerB (specialised in mobile devices). How can I seperate the administrators permissions of these 2 companies? They don't like it to have access in each other settings. RBAC? Another Azure tenant wit a sync with AAD? Please help.

 

6 Replies

@Harm_Veenstra  thank you. Where can I find all RBAC roles?

You can assign a built-in or custom role to an Intune user.

To create, edit, or assign roles, your account must have one of the following permissions in Azure AD:

Global Administrator
Intune Service Administrator

In the Microsoft Endpoint Manager admin center, choose Tenant administration > Roles > All roles.
Thank you @Harm_Veenstra , Isn't there any official documentation with all the roles and description?
I answered your question regarding seperating certain things in Intune using a custom role and scope tags, an overview of Intune Admin roles is here https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac?view=o3...