Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles? I will discuss Intune Modern Device management roles and responsibilities in this post. I think the first version of Intune was released back in 2011 (or before that), but the large-scale adoption of Microsoft Intune started in the last two years.
I thought it’s better to spend some time defining Intune modern device management job roles within an organization. This post will help create a baseline for Microsoft Intune R & R for your organization. In this post, we will see “Intune Teams Roles Responsibilities”.
Modern device management roles are similar to SCCM/ConfigMgr roles but not the same. As a starting point, we can take some of the job roles from SCCM and then expand that list to produce more comprehensive modern device management-related roles and responsibilities. This will also help build Intune modern device management teams within your organization.
Following are Intune team’s Roles are responsibilities of Intune/AAD/Device management at a high level. I have segregated these roles and responsibilities depending on each feature of Intune. You can segregate these into different support organizations per your organization’s requirements.
Maybe some of the tasks can be completed by Intune L1/L2 teams within your organizations. However, some tasks require more technical skills, and those tasks would be handled by Intune/Device Management L3 teams.
What are Intune Team’s Roles and responsibilities?
Overall I will segregate Intune roles into two(2). I have an Intune RBAC post that will help you understand the security permissions needed for each role.
- Intune Help Desk – First level support
- Intune Admin – Second or Third Level Support
More granular roles and permissions can help you to define Intune RACI matrix for your organization.
User Management Application Creation and Deployment/Assignment Service Administration Mobile Application Management Device/Profile Management Conditional Access Company Resource Access Software Update Management
Intune/AAD – User Management – Intune Teams Roles Responsibilities
- Onboarding of users (Onboarding process will be different for each organization)
- User Licenses (Assigning licenses can be automated soon)
- Create, edit or delete Azure Active Directory (AAD) user/Device groups
- Create, edit or delete Azure Active Directory Dynamic user/Device groups
Intune/AAD – Application Creation and Deployment/Assignment
- Upload and Configuring LOB applications (Windows, iOS, and Android)
- Upload and Configuring Store applications (Windows, Apple, and Google )
- Deploy LOB applications to a computer/mobile devices (iOS, WP, and Android)
- Deploy Store applications to a mobile device (Windows 10, iOS, WP, and Android)
- Deploy LOB/Store applications to a group of users (AAD user groups)
- Monitor application deployment status
Intune – Service Administration
- Subscriptions and licenses
- Apple APN cert Management (Once in a year – Use generic mailbox to create APN certs)
- Reset mobile device authority (In case you want to change MDM authority)
- Provisioning
- Domain Management
- Role-Based Access controls (RBAC) assignments for different Intune roles
- Android for Work – configure and setup A4W device management
- Device settings configuration to enable Azure AD join (for Windows 10 devices)
- MDM auto-enrollment configurations (for Windows 10 devices)
- Company portal Branding
- Terms and Conditions setup
- Windows Hello for Business
- Enrollment Restriction Rules
- Service availability
- Alerts and notifications
- Reporting – Power BI and OMS
Intune – Mobile Application Management
- MAM Policy creation, edition, and deletion of Managed Applications
- Deployment/Assignment of managed application to AAD groups
- LOB Application Wrapping for iOS and Android managed applications
- Wrap the LOB apps using iOS SDK
- Wrap the LOB apps using Android SDK
Intune – Device/Profile Management
Create, Maintain, Update, Deploy and Delete policies
- Configuration policies:-
Device Restriction
Wi-Fi Profile
VPN/Per APP VPN Profile
SCEP Profiles
Custom Policies - Compliance Policies:-
iOS Compliance Policies
Android Compliance Policies
Windows Compliance Policies - Device Life Cycle
- Enroll the mobile devices (iOS, WP, Windows 10, and Android)
- Retire and Wipe Devices
AAD/Intune – Conditional Access
- Create, Maintain, Update, Deploy and Delete CA policies
- CA for Windows devices
- CA for Android devices
- CA for iOS devices
- CA for MAC OS devices?
Intune/NDES/CA – Company Resource Access
- Exchange on-premises connector
- Office 365 connector
- NDES connector
Intune/Analytics – Software Update Management
- Software Update Deployment in the traditional way using Intune client
- Software Update Scheduling via MDM policies
- Update Approval using Windows 10 CSPs
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
Notify me for new topics
Hi Anandh – There are several options to get notified about posts in this site.
1. Check out option for “Subscribe to Blog via Email” – this will send you an email whenever we publish a post
2. Like our Facebook page to notify about Videos and new posts https://www.facebook.com/ConfigMgr2012/
3. Follow me on Twitter – https://twitter.com/anoopmannur
4. Connect with me via LinkedIn – https://www.linkedin.com/in/anoopcnair/
5. Google Plus – https://plus.google.com/+Anoopcnair
6. YouTube – https://www.youtube.com/user/AnoopMannur/
Is this updated one or pretty old
What is the information you are looking for pls ?
Looking for roles and responsibilities for latest Intune.. As we know changes happen with additional capabilities such as managing bitlocker, patching, security firewall, windows defender management..
Ok. Those are not covered in this post. But you might be able to get more details from ignite video mentioned in the following post https://www.anoopcnair.com/intune-reporting-strategies-advanced-reporting/
Question – is there a specific role to allow only to Wipe and Sync an iOS device?
I think you can create custom roles for wiping the iOS devices and scope tags
Is there a custom role setting for admins to only be able to wipe Mobile devices and not Computers ?
I don’t have anything ready for this particular scenario. But you can refer to sample one here. I have created Intune custom admin role for helpdesk user https://howtomanagedevices.com/sccm/2066/custom-intune-helpdesk-operator/