Share via

Unable to save Device ownership on Endpoint

Kingsley Moore 1 Reputation point
2022-01-21T03:05:36.987+00:00

I am trying to change the Device Ownership on Endpoint for an iOS device and it says it is saving but not permanently saving as the save button is not being greyed out.

I am not a Global Admin but have the roles that are in the attached screenshot, I have spoken to the Global admins and they can do it fine and we can't figure what is going on.

167015-roles.png

Microsoft Security | Intune | Enrollment
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lu Dai-MSFT 28,496 Reputation points
    2022-01-21T07:34:22.243+00:00

    @Kingsley Moore Thanks for posting in our Q&A.

    For Exchange, Teams and SharePoint Administrator, they are only the admin of these products and they are not have the permission to manage devices in intune portal.
    For Helpdesk Administrator, it is a role can change passwords, invalidate refresh tokens, manage service requests, and monitor service health.
    For Service Support Administrator, it is a role can open support requests with Microsoft for Azure and Microsoft 365 services, and views the service dashboard and message center.
    For User Administrator, it is a role can manage all aspects of users.
    For Global Reader, it is a role with only read permission.
    We can read the following article to get more information about roles:
    https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#all-roles

    So, the above 7 roles, all don't have the permission to change the device ownership. At the same time, I tried assign these 7 roles to my user and it is greyed out in "device ownership".
    167153-image.png

    167134-image.png

    In our official article, it is needed to use an admin to change the device ownership. Based on my understanding, it means Global Administrator or Intune Administrator.
    https://learn.microsoft.com/en-us/mem/intune/enrollment/corporate-identifiers-add#change-device-ownership

    Hope it will help you.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
  2. Timmy Andersson 411 Reputation points MVP
    2022-01-21T07:42:53.397+00:00

    Hey and thanks for posting,

    In Intune you have different roles that can be applied to a user to enable or disable certain action that can be performed in Intune. You can find out what permissions you have in Intune specifically if you go to: endpoint.microsoft.com -> Tenant Admin -> Roles -> My Permissions

    If you want to be able to rename a device, the role you are assigned needs to allow the "set device name" permission that's under "Remote tasks"

    167125-image.png

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control

    If this helps, please accept the answer

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.