User group based scope tags for distributed IT


Is there a way to assign scope tags to devices based on user groups? We need to delegate administrative privileges to local country admin.

3 Replies
Hi

If I understand you correctly, you could create a custom Intune role, assign it to the user group and add the scope tag to it, so only devices etc. with that scope are visible to the local country admin.

Nicola created a blog about this some time ago (if this is what you meant).

https://tech.nicolonsky.ch/intune-scope-tags-rbac-explained/

@Rudy_Ooms I already read that article, but we cannot apply scope tags to devices based on user groups.

Fnod, could you provide some more details on your requirement?

I have a customer that also has a requirement for local IT to support their own devices. We weren't able to create dynamic groups (through name of Autopilot tag). I created a script that retrieves the primary user of a device, checks the 'Company' field of that user and then adds the device to an assigned group.

That assigned group is assigned a scope tag.
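
The group-membership logic described in the last reply, as an added PowerShell example (not the poster's script): it runs on constructed records, and the function name, group names and Company values are hypothetical. It goes beyond the reply in one respect: it also plans the removal of a device from a country group its primary user no longer maps to, so a stale membership does not leave the device visible to the wrong local admin.

```powershell
# Constructed mapping: user 'Company' value -> assigned device group (hypothetical names).
$CompanyToGroup = @{ 'Contoso NL' = 'Devices-NL'; 'Contoso DE' = 'Devices-DE' }

function Get-ScopeGroupPlan {
    param(
        [object[]]  $Devices,        # objects with DeviceId and PrimaryUserId (may be $null)
        [hashtable] $UserCompany,    # user id -> 'Company' value
        [hashtable] $GroupMembers,   # group name -> device ids currently in that group
        [hashtable] $CompanyToGroup  # 'Company' value -> group name
    )
    $groups = $CompanyToGroup.Values | Sort-Object -Unique
    foreach ($d in $Devices) {
        # Resolve device -> primary user -> Company -> target group; any missing link gives $null.
        $company = if ($d.PrimaryUserId) { $UserCompany[$d.PrimaryUserId] } else { $null }
        $target  = if ($company) { $CompanyToGroup[$company] } else { $null }
        foreach ($g in $groups) {
            $isMember = $GroupMembers[$g] -contains $d.DeviceId
            if ($g -eq $target -and -not $isMember) {
                [pscustomobject]@{ Action = 'Add'; DeviceId = $d.DeviceId; Group = $g }
            } elseif ($g -ne $target -and $isMember) {
                # Membership no longer justified by the primary user's Company.
                [pscustomobject]@{ Action = 'Remove'; DeviceId = $d.DeviceId; Group = $g }
            }
        }
        if (-not $target) {
            # No primary user, empty Company, or unmapped Company: no country admin sees
            # this device, so report it for manual review (design choice of this example).
            [pscustomobject]@{ Action = 'Review'; DeviceId = $d.DeviceId; Group = $null }
        }
    }
}

# Constructed sample data.
$devices = @(
    [pscustomobject]@{ DeviceId = 'dev-01'; PrimaryUserId = 'u-anna' }  # NL user, not yet grouped
    [pscustomobject]@{ DeviceId = 'dev-02'; PrimaryUserId = 'u-ben'  }  # user moved from NL to DE
    [pscustomobject]@{ DeviceId = 'dev-03'; PrimaryUserId = $null    }  # no primary user
    [pscustomobject]@{ DeviceId = 'dev-04'; PrimaryUserId = 'u-cara' }  # Company not in mapping
)
$userCompany  = @{ 'u-anna' = 'Contoso NL'; 'u-ben' = 'Contoso DE'; 'u-cara' = 'Fabrikam' }
$groupMembers = @{ 'Devices-NL' = @('dev-02', 'dev-03'); 'Devices-DE' = @() }

Get-ScopeGroupPlan -Devices $devices -UserCompany $userCompany `
    -GroupMembers $groupMembers -CompanyToGroup $CompanyToGroup | Format-Table
```

In a tenant the three inputs would be read from Microsoft Graph and the resulting plan applied to the assigned groups; how the poster's script does that is not shown in the thread.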