Intune Enrollment Question

Question

Trying to fully understand how this works. If I get a new laptop and get to the point where it is asking for a region, I can hit Shift +F10 to get the command prompt. I can then start PowerShell and set the execution policy to bypass. I install the Get-WindowsAutoPilotInfo script and run it with -Online -Assign andit installs modules, etc, connects to the tenant and dies on Add-AutopilotImportedDevice. I signed in using an account that has an Intune license and has been designated as a device enrollment manager. It works fine if I use my Global Admin Account. What am I missing? I was under the impression that I could add the device enrollment manager role to an account and run this script. Any help appreciated. I don't want to have to give a Global Admin Account to anyone if I can help it.

Answer 1

Hi @Matt Dillon

You can try use the following steps to create a Role to import devices:

1) Open up Tenant Administration

https://endpoint.microsoft.com/?ref=AdminCenter#view/Microsoft_Intune_DeviceSettings/TenantAdminMenu/\~/tenantStatus

2) Go to Roles

3) Create a new role

4) Follow the permissions to assign in the guide:

5) Assign to your scope tags.

6) Assign your role to specific people/accounts:

---

If this is helpful please accept answer.

Answer 2

Yeah. I made the custome role and it worked awesomely.