Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles? In this post, I will discuss Intune Modern Device management roles and responsibilities. I think the first version of Intune is released back in 2011 (or before that), but the large scale adoption of Microsoft Intune started since last two years.
I thought it’s better to spend some time on defining Intune modern device management job roles within an organisation. This post will help to create a baseline for Microsoft Intune R & R for your organisation. In this post, we will see “Intune Teams Roles Responsibilities”.
Modern device management roles are similar to SCCM/ConfigMgr roles but not exactly the same. As a starting point, we can take some of the job roles from SCCM and then expand that list to produce more comprehensive modern device management-related roles and responsibilities. This will also help to build Intune modern device management teams within your organization.
Following are Intune team’s Roles are responsibilities of Intune/AAD/Device management in high level. I have segregated these roles and responsibilities depending on each feature of Intune. As per the requirement of your organisation you can segregate these in to different support organisations.
Maybe some of the tasks can be completed by Intune L1/L2 teams within your organizations. However, some tasks require more technical skills, and those kinds of tasks would be handled by Intune/Device Management L3 teams.
What are Intune Team’s Roles and responsibilities?
Overall I will segregate Intune roles in to two(2). I have a Intune RBAC post that will help you to understand the security permissions needed for each roles.
- Intune Help Desk – First level support
- Intune Admin – Second or Third Level Support
More granular roles and permissions which can help you to define Intune RACI matrix for your organisation.
User Management Application Creation and Deployment/Assignment Service Administration Mobile Application Management Device/Profile Management Conditional Access Company Resource Access Software Update Management
Intune/AAD – User Management – Intune Teams Roles Responsibilities
- On boarding of users (On boarding process will be different for each organizations)
- User Licenses (Assigning licenses can be automated in near future)
- Create, edit or delete Azure Active Directory (AAD) user/Device groups
- Create, edit or delete Azure Active Directory Dynamic user/Device groups
Intune/AAD – Application Creation and Deployment/Assignment
- Upload and Configuring LOB applications (Windows, iOS and Android)
- Upload and Configuring Store applications (Windows, Apple and Google )
- Deploy LOB applications to a computer/mobile devices (iOS, WP and Android)
- Deploy Store applications to a mobile devices (Windows 10, iOS, WP and Android)
- Deploy LOB/Store applications to group of users (AAD user groups)
- Monitor application deployment status
Intune – Service Administration
- Subscriptions and licenses
- Apple APN cert Management (Once in a year – Use generic mail box to create APN certs)
- Reset mobile device authority (In case if you want to change MDM authority)
- Domain Management
- Role Based Access controls (RBAC) assignments for different Intune roles
- Android for Work – configure and setup A4W device management
- Device settings configuration to enable Azure AD join (for Windows 10 devices)
- MDM auto enrollment configurations (for Windows 10 devices)
- Company portal Branding
- Terms and Conditions setup
- Windows Hello for Business
- Enrollment Restriction Rules
- Service availability
- Alerts and notifications
- Reporting – Power BI and OMS
Intune – Mobile Application Management
- MAM Policy creation, edition and deletion of Managed Applications
- Deployment/Assignment of managed application to AAD groups
- LOB Application Wrapping for iOS and Android managed applications
- Wrap the LOB apps using iOS SDK
- Wrap the LOB apps using Android SDK
Intune – Device/Profile Management
Create, Maintain, Update, Deploy and Delete policies
- Configuration policies :-
VPN/Per APP VPN Profile
- Compliance Policies:-
iOS Compliance Policies
Android Compliance Policies
Windows Compliance Policies
- Device Life Cycle
- Enroll the mobile devices (iOS, WP, Windows 10 and Android)
- Retire and Wipe Devices
AAD/Intune – Conditional Access
- Create, Maintain, Update, Deploy and Delete CA policies
- CA for Windows devices
- CA for Android devices
- CA for iOS devices
- CA for MAC OS devices ?
Intune/NDES/CA – Company Resource Access
- Exchange on-premises connector
- Office 365 connector
- NDES connector
Intune/Analytics – Software Update Management
- Software Update Deployment in the traditional way using Intune client
- Software Update Scheduling via MDM policies
- Update Approval using Windows 10 CSPs