504 questions
I have this done like that:
Providing access to a user to intune to only upload hash files
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 7.000000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Rookie{}
61
Reputation points
Hi there,
I am looking to provide access to a Team member who should be limited to only uploading hash files. Would like some help with custom permissions required for this kind of access.
I am trying to configure this via Roles by creating a custom role.
Microsoft Security | Intune | Security
Microsoft Security | Intune | Configuration
2,095 questions
Microsoft Security | Intune | Other
5,571 questions
Accepted answer
-
Pavel yannara Mirochnitchenko 13,336 Reputation points MVP2023-05-09T17:57:31.8633333+00:00 -
Rookie{} 61 Reputation points
2023-05-09T19:53:47.0966667+00:00 Thanks I created this role, then added a group with test user with a created assignment, test user has an intune license and the user was thrown no access error on endpoint.microsoft.com on login. Anything I am missing here ?
-
Pavel yannara Mirochnitchenko 13,336 Reputation points MVP
2023-05-10T13:38:01.41+00:00 @Rookie{} you will also need to assign Enteprise Application called "Microsoft Intune PowerShell" in Entra/AzureAD to the group you assigned customer role of Intune.
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Crystal-MSFT 53,991 Reputation points Microsoft External Staff2023-05-10T01:54:59.5533333+00:00 @Rookie{, Thanks for posting in Q&A.
For the permission, Autopilot device management requires only that you enable all permissions under Enrollment programs, except for the four token management options.
https://learn.microsoft.com/en-us/mem/autopilot/add-devices#required-permissions
From your description, I notice the permission has been granted. But it is not working. Based as i know RBAC permission has some delay. You can add Role read permission and check under My permission to double confirm if the permission has gotten. If not, wait 1 to 2 days to see if the permission can be applied.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
-
Crystal-MSFT 53,991 Reputation points Microsoft External Staff
2023-05-12T01:50:24.0333333+00:00 @Rookie{, Hope things are going well. I am writing to see if the RBAC is working now. If there's any update, feel free to let us know.
Sign in to comment -