Unable to assign group to configuration profile policy create in Microsoft Endpoint Manager

Ainul Jasni 41 Reputation points
2022-10-25T09:29:59.433+00:00

Hello, I can create Configuration profile but unable to include group of a test device group. I was able to include the group during the creation, but after review+save, the configuration profile was successfully created but after I check back in the profile properties, under included group it shows 'not selected'. so I tried edit the assignments, and got the error "You don't have enough permissions to assign this configuration to one or more of your selected groups, contact your administrator."

I have built in role 'policy and profile manager' with the enrollment programs 'assign profile'. but still got this error, can you help me?

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
554 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,509 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
3,656 questions
0 comments
Accepted answer
  1. Crystal-MSFT 35,961 Reputation points Microsoft Vendor
    2022-10-26T01:13:03.54+00:00

    @Ainul Jasni , Thanks for posting in Q&A. For your error message, it seems there are permission issue when assign configuration profile to one group.

    Based on my experience, it can be that the role assignment to you didn't include the group under Scope groups. You can check and add the test device group under your role assignment to see if it works.
    254039-image.png
    https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control

    Hope it can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 29,291 Reputation points Microsoft Employee
    2022-10-25T23:29:14.1+00:00

    Hi @Ainul Jasni ,

    I have seen this issue before and I believe when you need to add "All devices" to your assignment in the autopilot deployment profile in order to resolve the issue. See Permissions to assign deployment profiles:

    254055-image.png

    You also need to have both the correct Azure and Intune permissions to assign profiles to a group, as documented here.

    Let me know if this helps. If you still face this issue let me know and I have some other suggestions to try depending on your scenario.

    -

    If the information helped you, please Accept the answer. This will help us and other community members as well.

    0 comments
  2. Ainul Jasni 41 Reputation points
    2022-10-26T02:41:46.99+00:00

    Hi @Marilee Turscak-MSFT , thank you for your answers. Actually I'm not creating Automatic Deployment profile, I just want to create and assign a group from the Configuration profile I've created in Microsoft Endpoint Manager ( Devices > Windows > Configuration Profile ), as shown here

    May I know if theres any connection to Automatic Deployment profile and why do I need to create profile under Windows Automatic Deployment program?