@Eduards Thanks for posting in our Q&A. From your description, I know that you want to get a role that only see Android Dedicated devices and operate only with them. If there is any misunderstanding, feel free to let us know.
For the user can only manage the test device in Intune portal, here are the detailed steps for a reference:
1.Create a user group and add a test user to this user group A.
2.Create a device group and add the target device to this device group B.
3.Create a scope tag in Tenant Administrator > Roles > Scope (Tags) and assign to the device group B
4.Create a custom role in Tenant Administrator > Roles > All roles, set Permission for this role, choose Scope tags.
5.Choose the custom role we created, select Assignments to add Role Assignment, configure Admin Groups, users in these group will have permissions to manage users/devices in the Scope (Groups), configure Scope groups and select scope tags
6.When I login intune portal with the test user, I only see this target device.
The following link for the reference:
https://learn.microsoft.com/en-us/mem/intune/fundamentals/scope-tags
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Eduards Thanks for your response.
Yes, currently, we can't configure settings mentioned in your question.
Hello @Lu Dai-MSFT
And what about Scope tags and scope groups?
Can i do something with this?
@Eduards Thanks for the reply. Based on my research, for Scope groups, the users/devices in this group can be managed by the users in the Admin Groups. For scope tags, it determine which objects admins can see.
Based on my test, when I add the test device into a group which is added into scope groups, I find the user in the admin group I configured can only manage the test device in Intune portal. For the detailed steps, I have modified in my first Answer. We can refer to it. For our situation, I think we can try to add the devices into different groups with different enrollment method, use Scope tags, Scope groups to see if it can meet our requests.
Thank you @Lu Dai-MSFT this is what i needed!
@Eduards You're welcome. If you have any problem in the future, welcome to post in our Q&A.
Thanks and have a nice day. : )
Sign in to comment