Built-in security role for MDM in ConfigMgr and Intune hybrid scenario
It would be helpful to have a built-in security role in ConfigMgr current branch to grant MDM administrators rights to configure and administer devices, policies, applications, etc.

5 comments
-
Anonymous commented
Yes it would be good to have MDM Admin Role.
Looks like with 1802 upgrade Configuration are tweaked and App polices are not visible with the below settings
-
Jakob commented
For now you can use some from here! http://configmgrblog.com/2015/04/29/custom-mdm-rba-roles-for-configuration-manager-2012-r2/
-
Iain Fairbairn commented
This would be useful and it would be good if there were a couple of levels of permissions on this. we have basic service desk people we would want to only be able to lock and reset passcodes but not retire or Wipe. At the moment no matter how you play with the permissions you get all of that or nothing.
-
Tim commented
I've found a few custom security roles around MDM and have been tweaking them as needed to grant rights to different items for our MDM team. I thought it would be helpful for the community if a built-in security role could be provided in a future CB update.
These are the custom security roles that I have been modifying.
Credit - http://configmgrblog.com/2015/04/29/custom-mdm-rba-roles-for-configuration-manager-2012-r2/
-
Great idea. What should the default permissions be for this role? i.e. what actions does it need, and not need?