Create JEA templates for different SCCM roles
Just Enough Administrator (JEA https://msdn.microsoft.com/en-us/library/dn896648.aspx) is something that would increase security and enable support personnel to troubleshoot SCCM on clients/server without giving them full administrator rights.
Maybe you could provide JEA templates that match the different RBAC roles in SCCM.
For example a JEA Patch Admin template could allow the following:
- Read SCCM logs
- Read Windowsupdate.log
- Restart the Windows Update service
- Read WMI related to Updates
- and so on.
Providing templates like this would simplify the process of getting started with JEA. It would be even better if MS could provide templates for other products as well. This would increase security for many companies and would be a great way to help people start using JEA.
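
A sketch of what the Patch Admin role described above could look like as a JEA role capability file. This is an added example, not part of the original post and not a Microsoft-provided template. The function name `Get-PatchLog`, the list of log files, the default client log path `C:\Windows\CCM\Logs`, and the WMI namespaces are assumptions.

```powershell
# PatchAdmin.psrc - constructed example role capability file.
# Assumptions: default ConfigMgr client log folder (%windir%\CCM\Logs),
# WindowsUpdate.log in %windir%, hypothetical function name Get-PatchLog.
@{
    Description = 'Patch Admin: read update logs, restart Windows Update, query update WMI'

    # When Parameters is given, only the listed parameters (and values) are usable,
    # so -Query, -ComputerName and other services stay out of reach.
    VisibleCmdlets = @(
        @{ Name       = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'wuauserv' } },
        @{ Name       = 'Get-CimInstance'
           Parameters = @{ Name        = 'Namespace'
                           ValidateSet = 'root\ccm\ClientSDK',
                                         'root\ccm\SoftwareUpdates\UpdatesStore' },
                        @{ Name = 'ClassName'; ValidatePattern = '^CCM_\w+$' } }
    )

    # Custom functions must be listed here to be visible in the session.
    VisibleFunctions = 'Get-PatchLog'

    # The FileSystem provider is not exposed; log access goes through one function
    # that accepts only a fixed set of file names (no caller-supplied paths).
    FunctionDefinitions = @{
        Name        = 'Get-PatchLog'
        ScriptBlock = {
            param(
                [Parameter(Mandatory)]
                [ValidateSet('WindowsUpdate.log', 'WUAHandler.log', 'UpdatesDeployment.log',
                             'UpdatesHandler.log', 'UpdatesStore.log', 'ScanAgent.log')]
                [string]$Name,

                [ValidateRange(1, 5000)]
                [int]$Tail = 200
            )
            # WindowsUpdate.log lives in %windir%; the ConfigMgr logs in CCM\Logs.
            $dir = if ($Name -eq 'WindowsUpdate.log') { $env:windir }
                   else { Microsoft.PowerShell.Management\Join-Path $env:windir 'CCM\Logs' }
            $path = Microsoft.PowerShell.Management\Join-Path $dir $Name
            # Module-qualified names avoid being shadowed by proxied commands.
            Microsoft.PowerShell.Management\Get-Content -LiteralPath $path -Tail $Tail
        }
    }
}
```

The file goes in a module's `RoleCapabilities` folder and is mapped to a support group through `RoleDefinitions` in the session configuration file.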