Intune - custom role issue

Peder21jensen 1 Reputation point
2021-12-08T12:36:15.217+00:00

For the servicedesk I in intune "endpoint.microsoft.com" want to allow servicedesk to be able to use the "delete" button if a device needs to be removed from intune.

I have made a custom role and enabled deleting(see screenshot) . The delete button is active for the users in the group, but if they delete it just comes an popup in the upper right corner, that device cannot be deleted

How can I figure out what is wrong as the custom role should give the access155840-greenshot-2021-12-08-133216.png

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,077 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Lu Dai-MSFT 28,241 Reputation points
    2021-12-09T04:36:26.873+00:00

    @Peder21jensen Thanks for posting in our Q&A.

    To clarify this issue, did you correctly set the role assignments? Please refer to the following article:
    https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control#role-assignments

    I have done the test in my lab. I add a user group in "Members" and add a device group in "Scope(Groups)". When I use the user included in the target user group to login in the intune portal, the device included in the device group will be listed in the portal. And I delete the device successfully.
    156135-image.png

    156116-image.png

    156161-image.png

    Hope it will help.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Peder21jensen 1 Reputation point
    2021-12-09T13:31:42.807+00:00

    In scope group, I have also added the scope group for the servicedesk - so is fine.
    The custom roles settings is working for all other entries I made in the custom role.

    I have a test tried to remove some members from the group and as soon they are out of the group, they do not have any options to sync/wipe etc anymore in intune.

    If they did not have the right to delete, the button would be greyed out. But they actually have the delete button active, but are unable to delete any items.
    Can it be other roles that conflict with the delete issue?

    156257-image.png