Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles
I will discuss Intune modern device management roles and responsibilities in this post. Although the first version of Intune was released in 2011 (or before that), the large-scale adoption of Microsoft Intune started in the last two years.
I thought it would be better to spend some time defining Intune modern device management job roles within an organization. This post will help create a baseline for Microsoft Intune roles and responsibilities (R & R) for your organization. In this post, we will look at “Intune Teams Roles Responsibilities”.
Modern device management roles are similar to SCCM/ConfigMgr roles but not the same. As a starting point, we can take some of the job roles from SCCM and then expand that list to produce more comprehensive modern device management-related roles and responsibilities. This will also help build Intune modern device management teams within your organization.
This post explains the roles and responsibilities in Intune Teams Endpoint Manager, focusing on the default roles provided by Microsoft Intune. These roles define the permissions and tasks that users can perform within Intune.
Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles
The following are the Intune team’s roles and responsibilities in Intune/AAD/Device management at a high level. I have segregated these roles and responsibilities depending on each feature of Intune. You can segregate these into different support organizations per your organization’s requirements.
Intune L1/L2 teams within your organization may complete some tasks. However, some tasks require more technical skills, which Intune/Device Management L3 teams would handle.
What are the Intune Team’s Roles and responsibilities?
Overall, I will segregate Intune roles into two (2). I have an Intune RBAC post to help you understand the security permissions needed for each role. More granular roles and permissions can help you define the Intune RACI matrix for your organization.
- Intune Help Desk – First-level support
- Intune Admin – Second or Third-Level Support
User Management | Application Creation and Deployment/Assignment | Service Administration | Mobile Application Management | Device/Profile Management | Conditional Access | Company Resource Access | Software Update Management
Intune/AAD – User Management – Intune Teams Roles Responsibilities
Understanding the roles and responsibilities is crucial in managing Intune and Azure Active Directory (AAD) user accounts. Intune Teams provide various roles with specific responsibilities to ensure smooth user management.
| Intune/AAD – User Management |
|---|
| Onboarding of users (The onboarding process will be different for each organization) |
| User Licenses (Assigning licenses can be automated soon) |
| Create, edit or delete Azure Active Directory (AAD) user/Device groups |
| Create, edit or delete Azure Active Directory Dynamic user/Device groups |
Intune/AAD – Application Creation and Deployment/Assignment
In Intune and Azure Active Directory (AAD), creating and deploying/assigning applications is crucial to managing your organization’s devices. Application management means developing applications and then deploying or assigning them to users or devices.
- Upload and Configure LOB applications (Windows, iOS, and Android)
- Upload and Configure Store applications (Windows, Apple, and Google)
- Deploy LOB applications to computers/mobile devices (iOS, WP, and Android)
- Deploy Store applications to a mobile device (Windows 10, iOS, WP, and Android)
- Deploy LOB/Store applications to a group of users (AAD user groups)
- Monitor application deployment status
Intune – Service Administration
Microsoft Intune is a cloud-based service within the Enterprise Mobility + Security (EMS) suite that focuses on mobile device management (MDM) and mobile application management (MAM). The list below provides more details.
- Subscriptions and licenses
- Apple APN cert Management (Once a year – Use generic mailbox to create APN certs)
- Reset mobile device authority (In case you want to change MDM authority)
- Provisioning
- Domain Management
- Role-based access controls (RBAC) assignments for different Intune roles
- Android for Work – configure and set A4W device management
- Device settings configuration to enable Azure AD join (for Windows 10 devices)
- MDM auto-enrollment configurations (for Windows 10 devices)
- Company portal Branding
- Terms and Conditions setup
- Windows Hello for Business
- Enrollment Restriction Rules
- Service availability
- Alerts and notifications
- Reporting – Power BI and OMS
Intune – Mobile Application Management
In Intune, mobile application management (MAM) is a critical component of managing applications on mobile devices. It allows organizations to control and protect corporate data within mobile apps without managing the entire device.
- MAM policy creation, editing, and deletion for managed applications
- Deployment/Assignment of managed applications to AAD groups
- LOB Application Wrapping for iOS and Android managed applications
- Wrap the LOB apps using iOS SDK
- Wrap the LOB apps using Android SDK
Intune – Device/Profile Management
In Intune, device and profile management are crucial for maintaining control and security over the organization’s devices. This involves creating, maintaining, updating, deploying, and, when necessary, deleting policies.
- Configuration policies:
  - Device Restriction
  - Wi-Fi Profile
  - VPN/Per APP VPN Profile
  - SCEP Profiles
  - Custom Policies
- Compliance Policies:
  - iOS Compliance Policies
  - Android Compliance Policies
  - Windows Compliance Policies
- Device Life Cycle
- Enroll the mobile devices (iOS, WP, Windows 10, and Android)
- Retire and Wipe Devices
AAD/Intune – Conditional Access
Conditional access is a powerful feature in Azure Active Directory (AAD) and Intune that helps organizations control access to their resources based on certain conditions. The list below provides more details.
- Create, Maintain, Update, Deploy and Delete CA policies
- CA for Windows devices
- CA for Android devices
- CA for iOS devices
- CA for MAC OS devices?
Intune/NDES/CA – Company Resource Access
Intune, NDES, and CA enable organizations to implement strong security measures, such as certificate-based authentication, to control access to sensitive data and resources.
- Exchange on-premises connector
- Office 365 connector
- NDES connector
Intune/Analytics – Software Update Management
In Intune, Analytics plays a crucial role in Software Update Management, ensuring that devices are updated with the latest software patches and updates. Intune Analytics provides insights into the update status of devices, allowing administrators to monitor and manage software updates effectively.
- Software Update Deployment in the traditional way using Intune client
- Software Update Scheduling via MDM policies
- Update Approval using Windows 10 CSPs
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Notify me for new topics
Hi Anandh – There are several options to get notified about posts in this site.
1. Check out option for “Subscribe to Blog via Email” – this will send you an email whenever we publish a post
2. Like our Facebook page to notify about Videos and new posts https://www.facebook.com/ConfigMgr2012/
3. Follow me on Twitter – https://twitter.com/anoopmannur
4. Connect with me via LinkedIn – https://www.linkedin.com/in/anoopcnair/
5. Google Plus – https://plus.google.com/+Anoopcnair
6. YouTube – https://www.youtube.com/user/AnoopMannur/
Is this updated one or pretty old
What is the information you are looking for, please?
Looking for roles and responsibilities for latest Intune.. As we know changes happen with additional capabilities such as managing bitlocker, patching, security firewall, windows defender management..
Ok. Those are not covered in this post. But you might be able to get more details from ignite video mentioned in the following post https://www.anoopcnair.com/intune-reporting-strategies-advanced-reporting/
Question – is there a specific role to allow only to Wipe and Sync an iOS device?
I think you can create custom roles for wiping the iOS devices and scope tags
Is there a custom role setting for admins to only be able to wipe Mobile devices and not Computers ?
I don’t have anything ready for this particular scenario. But you can refer to sample one here. I have created Intune custom admin role for helpdesk user https://howtomanagedevices.com/sccm/2066/custom-intune-helpdesk-operator/
Hi Anoop,
What are the roles and responsibilities of the L1 engineer in INTUNE