Permissions to manage and upload an Autopilot identity

You may have individuals or partners who are responsible for uploading Autopilot identities (Azure AD objects associated with a hardware hash), so that they are associated with the tenant and get the Autopilot profile and enrollment configurations. The import may be done manually through a .csv upload or, for testing, through Get-WindowsAutoPilotInfo.

The permissions needed to manage Autopilot identities are displayed in the screenshot below. You may create a custom role in Intune under Tenant administration > Roles > Create > Intune role, give it a suitable name, and assign the permissions found in the image below. Everything is found under the category Enrollment programs. The permissions can be restricted further by deselecting Delete device and Assign profile, but I would create the role with these permissions so that all tasks around Autopilot identities can be done.

Role permissions found under Tenant administration>roles

