You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/fundamentals/role-based-access-control.md
+7-4Lines changed: 7 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,7 +41,7 @@ For advice and suggestions about Intune RBAC, you can check out this series of f
41
41
## Roles
42
42
A role defines the set of permissions granted to users assigned to that role.
43
43
You can use both the built-in and custom roles. Built-in roles cover some common Intune scenarios. You can [create your own custom roles](create-custom-role.md) with the exact set of permissions you need. Several Azure Active Directory roles have permissions to Intune.
44
-
To see a role, choose **Intune** > **Tenant administration** > **Roles** > **All roles** > choose a role. You'll can manage the role on the following pages:
44
+
To see a role, choose **Endpoint Manager** > **Tenant administration** > **Roles** > **All roles** > choose a role. You can manage the role on the following pages:
45
45
46
46
-**Properties**: The name, description, permissions, and scope tags for the role.
47
47
-**Assignments**: A list of [role assignments](assign-role.md) defining which users have access to which users/devices. A role can have multiple assignments, and a user can be in multiple assignments.
@@ -54,11 +54,14 @@ You can assign built-in roles to groups without further configuration. You can't
54
54
55
55
-**Application Manager**: Manages mobile and managed applications, can read device information and can view device configuration profiles.
56
56
-**Endpoint Security Manager**: Manages security and compliance features, such as security baselines, device compliance, conditional access, and Microsoft Defender for Endpoint.
57
-
-**Help Desk Operator**: Performs remote tasks on users and devices, and can assign applications or policies to users or devices.
58
-
-**Intune Role Administrator**: Manages custom Intune roles and adds assignments for built-in Intune roles. It's the only Intune role that can assign permissions to Administrators.
59
-
-**Policy and Profile Manager**: Manages compliance policy, configuration profiles, Apple enrollment, corporate device identifiers, and security baselines.
60
57
-**Read Only Operator**: Views user, device, enrollment, configuration, and application information. Can't make changes to Intune.
61
58
-**School Administrator**: Manages Windows 10 devices in [Intune for Education](introduction-intune-education.md).
59
+
-**Policy and Profile Manager**: Manages compliance policy, configuration profiles, Apple enrollment, corporate device identifiers, and security baselines.
60
+
-**Help Desk Operator**: Performs remote tasks on users and devices, and can assign applications or policies to users or devices.
61
+
-**Intune Role Administrator**: Manages custom Intune roles and adds assignments for built-in Intune roles. It's the only Intune role that can assign permissions to Administrators.
62
+
-**Cloud PC Administrator**: A Cloud PC Administrator has read and write access to all Cloud PC features located within the Cloud PC blade.
63
+
-**Cloud PC Reader**: A Cloud PC Reader has read access to all Cloud PC features located within the Cloud PC blade.
64
+
62
65
63
66
### Custom roles
64
67
You can create your own roles with custom permissions. For more information about custom roles, see [Create a custom role](create-custom-role.md).
0 commit comments