Apply RBAC and admin delegation in Microsoft Intune
Intermediate
Administrator
Microsoft 365
Microsoft Intune
Microsoft Entra ID
This module explains how to delegate Microsoft Intune administration safely using Role-Based Access Control (RBAC), scope tags, and group-based role assignments. You'll learn how to partition visibility, configure scoped administration for regional or departmental admins, and audit administrative actions to detect configuration drift.
Learning objectives
By the end of this module, you'll be able to:
- Describe how Microsoft Intune RBAC and scope tags partition admin permissions and visibility
- Choose between direct and group-based role assignments for multi-admin environments
- Configure scope tags and role assignments to delegate regional or business-unit administration
- Audit admin actions and export Intune audit logs for monitoring and compliance
- Detect and respond to configuration drift using audit logs and Azure Monitor alerts
Prerequisites
- Working knowledge of Microsoft Intune and the Intune admin center
- Familiarity with Microsoft Entra ID users, groups, and built-in directory roles