Allow Help Desk to view only Bitlocker Key in Intune/Azure?

net1994 21 Reputation points

We have a 3rd party support agency that handles about 200 of our laptops. They are all Azure AD joined. We want to give them rights to retrieve only bitlocker key information. What is the most restrictive way to setup the new support accounts to do this? They don’t currently have accounts to sign into our tenant. We don’t want to them to be able to assign policies or software or modify any Azure/Intune settings. Later on down the road, we may want to allow them to view device information (in addition to bitlocker keys) for them to see what applications might be installed or collect diagnostic data and so on. But first we are starting with just bitlocker information.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
452 questions
Azure Active Directory Priviledged Identity Management
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
2,732 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Rahul Jindal [MVP] 7,451 Reputation points MVP

    This may help. 3185209

    1 person found this answer helpful.
    0 comments No comments