PowerShell and credentials

Probably this is a very common topic. I would like to supply some scripts to the support team that should run with very high privileges, but I don't want them to have those privileges.

Can anyone help me with some advice about the best approach?

Thanks,

Luis.

3 Replies
What kind of tasks are you talking about?

You would need to build some kind of interface so that users do not get the credentials, but this depends entirely on the use case.

@Thijs Lecomte, first, thanks for your answer.

They are tasks related to user and device management. Usually, they would require the Intune Administrator, Device Administrator, and User Administrator roles, but those are definitely too powerful to be assigned. Now they are working using PIM, but anyway I feel it would be great to let an application do the job with appropriate permissions, and let the Support Team work with minimum privileges. That said, any recommendations are very welcome. I feel a bit lost.

Have you looked into scope tagging for Intune?
https://tech.nicolonsky.ch/intune-scope-tags-rbac-explained/

I use it for exactly this scenario at multiple customers.
Some admins only have to view data within Intune