Windows 365 Administrator built-in role getting 401 unauthorized when enrolling devices


I'm trying to enroll new devices using the get-windowsautopilotinfo script. For this task, I'm trying to use a user assigned with the built-in role "Windows 365 Administrator", which is a new role.

Based on the above article, the role has the "" action, with description "Create devices (enroll in Azure AD)". It even says the role can "Enroll and manage devices in Azure AD, including assigning users and policies".

But when I execute get-windowsautopilotinfo -online in Windows 10 OOBE PowerShell, and log in with the Windows 365 Admin. user, I encounter the following error:
add-autopilotimportedevice: 401 unauthorized



Anyone else encounter the same problem? Should I just wait a few months for Microsoft to fix the role? :)

I've tried waiting 24 hours after assigning the role, same error. It's probably not a delay-related issue, since a few seconds after assigning the Intune Admin. role, the script executes flawlessly.
I've also tried 2 users, 2 separate devices, same error.

1 Reply
Managed to get an official answer from Intune support.

get-windowsautopilotonline calls on other Intune workflows in the backend, which are not broken down into specific role actions. Only Intune admin and Global admin can access said workflows.

" - Create devices (enroll in Azure AD)" is not the same as enrolling devices in Autopilot.
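
The following pre-flight check is an added example, not part of the original thread or of the get-windowsautopilotinfo script. It confirms, before the `-online` sign-in, that the account holds one of the two roles the support answer names. It assumes the Microsoft Graph PowerShell SDK is installed on an admin workstation and that it is saved under the hypothetical name `Test-AutopilotImportRole.ps1`.

```powershell
# Added example (assumption: Microsoft.Graph.Authentication and
# Microsoft.Graph.Users modules are installed; run from an admin workstation).
param(
    [Parameter(Mandatory)]
    [string] $UserPrincipalName   # account that will sign in at the -online prompt
)

# Well-known Entra ID role template IDs for the two roles the support
# answer says can reach the Autopilot import workflow.
$sufficientRoles = @{
    '62e90394-69f5-4237-9190-012177145e10' = 'Global Administrator'
    '3a2c62db-5318-420d-8d74-23affee5d9d5' = 'Intune Administrator'
}

Connect-MgGraph -Scopes 'Directory.Read.All' | Out-Null

# Lists only directory roles the user is a direct, active member of.
# Roles granted through groups or PIM-eligible (not activated) roles
# are not covered by this check.
$heldRoles = Get-MgUserMemberOf -UserId $UserPrincipalName -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' }

$matching = @($heldRoles | Where-Object {
    $sufficientRoles.ContainsKey([string]$_.AdditionalProperties['roleTemplateId'])
})

$result = [pscustomobject]@{
    User            = $UserPrincipalName
    HeldRoles       = @($heldRoles | ForEach-Object { $_.AdditionalProperties['displayName'] })
    CanImportDevice = $matching.Count -gt 0
}

if (-not $result.CanImportDevice) {
    # Mirrors the thread's finding: other roles fail with 401 on import.
    Write-Warning "$UserPrincipalName holds neither Intune Administrator nor Global Administrator; expect '401 unauthorized' from the Autopilot import."
}

$result
```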