Exchange Online access via PIM
Hi, We are looking to grant more granular access to the Exchange Online portal for our support teams instead of the Exchange Admin Entra role. The idea is to set up cloud security groups, onboard them to PIM and grant the users eligible assignments. The groups would be then assigned to the Exchange Online role groups (RBAC) in the Exchange Portal. It appears though that Exchange Portal requires mail-enabled security groups and mail-enabled security groups cannot be onboarded to PIM. Does anyone know if this is by design? What is the alternative solution to grant JIT access to the Exchange Portal instead of the Entra role or the standing access of the users assigned directly to the RBAC roles on the Exchange Portal? Many thanks.
RBAC Intune - Can not see devices
Hi @all :-), I have defined a custom role for our admins in different departments (see screenshot). The administrators are in a group, the group is assigned to that role. Scope groups are assigned (users and devices in the department) and scope tags are set. But the department admin can not access the device list (not authorized). What permission is missing? I hope someone can give me a hint. 🙂Azure AI Health Bot – now supports Microsoft Entra Access Management
We are excited to announce the introduction of Microsoft Entra Access Management support in the Azure AI Health Bot. This enhancement increases security by leveraging the robust and proven capabilities of Microsoft Entra. Customers interested in this feature can opt-in by navigating to the User Management page and enabling the Microsoft Entra Access Management feature. This feature can only be enabled for users who have the Health Bot Admin role in the Azure access control identity-access-management (IAM) pane. When Microsoft Entra Access Management is enabled, all users and roles should be managed through Azure Access control identity-access-management (IAM) pane. The Access Control (IAM) now contains the same Azure AI Health Bot roles in Azure, such as Health Bot Admin, Health Bot Editor and Health Bot Reader. When the Microsoft Entra Access Management feature is enabled, the User Management page will be read-only. All users in the Management Portal page will need to be manually added with the right roles through the Azure Access Control (IAM) page in the Azure Portal. You can read more on the Microsoft Entra Access Management features on our public documentation pagePermissions for Teams Phone Management
Hello. Our organization is looking to cut back on the number of users who have the Intune Administrator RBAC role, and in looking for solutions, I have an issue. I want to create a custom RBAC role called "Phones Admin" which will have the ability to enroll and manage Teams phone devices. However, I'm trying to decipher what permissions this kind of role would need, if it is possible. Has anyone done something like this, and if so, how did you configure the custom role?
Intune Permissions
Hi, I am using roles within Intune and would like to grant access to the "enrollment issues"-view for some HelpDesk guys. https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMonitorMenu/enrollmentFailures) But I don't get which permission is responsible to enable that view. I can not find anything in the documentation. thanks Sebastian
