Hi shawn,
As I can see in the documentation at https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#helpdesk-administrator and from what I can read in the description for the role in my Entra ID Portal, under the access scopes most of them are "/read" (read only) and the only ones with permissions to do something are listed here:
microsoft.directory/users/invalidateAllRefreshTokens (PRIVILEGED): Force sign-out by invalidating user refresh tokens
microsoft.directory/users/password/update (PRIVILEGED): Reset passwords for all users
microsoft.azure.serviceHealth/allEntities/allTasks: Read and configure Azure Service Health
microsoft.azure.supportTickets/allEntities/allTasks: Create and manage Azure support tickets
microsoft.office365.serviceHealth/allEntities/allTasks: Read and configure Service Health in the Microsoft 365 admin center
microsoft.office365.supportTickets/allEntities/allTasks: Create and manage Microsoft 365 service requests

And as I see, and from what I remember of my time using Entra ID (Azure AD) and Intune, no changes were made, as this role has nothing to do with Intune/devices :) A role there gives what is needed.