Intune RBAC not always working

Stéphane Lalancette 191 Reputation points

Hi, we have a random issue where some devices don't seem to apply the RBAC permissions that have been set to them.

We set a scope tag on a list of device and assign specific permissions (wipe/restart/etc).

It works on most computers in the list, but on some we get the following errors:

Anyone experienced this and/or knows where I could look to try to gather more details as to why it's happening?

Thks in advance and don't hesitate if you have any questions

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,466 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Crystal-MSFT 44,406 Reputation points Microsoft Vendor

    @Stéphane Lalancette , For our issue, here are some suggestions from my side:

    1. Go to one affected Device in Intune admin center portal, check the properties of the device and see if the Scope Tags is already changed.
    2. RBAC role take about 15-20 min to take effect. Please wait some time and logout and login again to see if the result will be different.

    However, if the issue still persists, please get screen shots of the scope tags, role, role assignment we configured to know it better. As a reminder, if there's any sensitive information in the picture, please hide them.

    If there's any update, feel free to let us know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Stéphane Lalancette 191 Reputation points

    sorry for the delay, I should be able to test on problematic machines on Wednesday. Thank you for your help

  3. Stéphane Lalancette 191 Reputation points

    Hi, it still doesn't work on some devices, works on most (all are part of the same configs)
    Here are the configurations
    Scope tag:


    Role permissions

    Don't hesitate if you need anything else.


  4. Stéphane Lalancette 191 Reputation points

    It worked with adding the device group. Thank you