Separated admins for different Intune devices

Iván Avilés Ruiz 20 Reputation points
2023-11-08T14:49:18.86+00:00

Hello. Recently my company has "split" in two, and now we need to share certain resources with the IT administrators of the other part of the company until they complete the migration of all their data, but we don't want to share all the data. My question is: Would it be possible to create a user in our own tenant that could access certain devices that are theirs but are still in our Intune (for example in a separated group) but not all of them? And also be an administrator user so that they could manage these devices, but only these specific devices?

Thanks in advance.

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,772 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,582 questions
0 comments No comments
{count} votes

Accepted answer
  1. ZhoumingDuan-MSFT 10,105 Reputation points Microsoft Vendor
    2023-11-09T02:40:45.6333333+00:00

    @Iván Avilés Ruiz,Thanks for posting in Q&A.

    From your description, I know that you want to create a user in your tenant to manage specific devices in other tenants.

    Based on my research, I found that Intune allow you can use role-based access control and scope tags to make sure that the right admins have the right access and visibility to the right Intune objects. Roles determine what access admins have to which objects. Scope tags determine which objects admins can see.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/scope-tags

    However, the role-based access control can be used to give a user permission to manage certain devices only when both the devices and the users are on the same Intune tenant.

    Thanks for your kind understanding.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful