@BenHorbul-0927 Thanks for posting in our Q&A.
For this issue, it is suggested to try to create a custom role and you can give permissions what you want to this role.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/create-custom-role
Then we can add a user group under Members, add a devices group under Scope (Groups) and add Scope tags in this role assignment.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control#role-assignments
User group:
Device group:
Scope tag:
Assignments under this custom role:
When I used the target user included in the user group signing in intune portal, I only can see the devices included in the device group.
What did you mean "pin reset"? Is it "Passcode reset" we can see in intune portal? If yes, please set "Passcode reset" to "Yes" in the custom role. However, not all devices support passcode reset. For more details, please refer to the following article:
https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-passcode-reset
Hope it will help.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.