Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles

Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles? I will discuss Intune Modern Device management roles and responsibilities in this post. Although the first version of Intune was released in 2011 (or before that), the large-scale adoption of Microsoft Intune started in the last two years.  

I thought it would be better to spend some time defining Intune modern device management job roles within an organization. This post will help create a baseline for Microsoft Intune R & R for your organization. In this post, we will see “Intune Teams Roles Responsibilities“.  

Modern device management roles are similar to SCCM/ConfigMgr roles but not the same. As a starting point, we can take some of the job roles from SCCM and then expand that list to produce more comprehensive modern device management-related roles and responsibilities. This will also help build Intune modern device management teams within your organization.

This post explains the roles and responsibilities in Intune Teams Endpoint Manager, focusing on the default roles provided by Microsoft Intune. These roles define the permissions and tasks that users can perform within Intune.

Patch My PC

This covers many hours-long training videos and Free Intune Design Decisions Training Videos. We also provide Free SCCM Training. We have also prepared the Top 50 Latest SCCM Interview Questions and Answers and Top 50 Latest Intune Interview Questions And Answers.

Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles

The following are the Intune team’s roles and responsibilities in Intune/AAD/Device management at a high level. I have segregated these roles and responsibilities depending on each feature of Intune. You can segregate these into different support organizations per your organization’s requirements.

Intune L1/L2 teams within your organizations may complete some tasks. However, some tasks require more technical skills, which Intune/Device Management L3 teams would handle.  

Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles - Fig.1
Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles – Fig.1

What are the Intune Team’s Roles and responsibilities?

Overall, I will segregate Intune roles into two(2). I have an Intune RBAC post to help you understand the security permissions needed for each role. More granular roles and permissions can help you define the Intune RACI matrix for your organization.

Adaptiva
  1. Intune Help Desk – First-level support
  2. Intune Admin – Second or Third-Level Support
User Management
Application Creation and Deployment/Assignment
Service Administration
Mobile Application Management
Device/Profile Management
Conditional Access
Company Resource Access
Software Update Management

Intune/AAD – User Management – Intune Teams Roles Responsibilities

Understanding the roles and responsibilities is crucial in managing Intune and Azure Active Directory (AAD) user accounts. Intune Teams provide various roles with specific responsibilities to ensure smooth user management.

Intune/AAD – User Management
Onboarding of users (The onboarding process will be different for each organization)
User Licenses (Assigning licenses can be automated soon)
Create, edit or delete Azure Active Directory (AAD) user/Device groups
Create, edit or delete Azure Active Directory Dynamic user/Device groups
Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles – Table 1

    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles - Fig.2
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles – Fig.2

    Intune/AAD – Application Creation and Deployment/Assignment

    In Intune and Azure Active Directory (AAD), creating and deploying/assigning applications is crucial to managing your organization’s devices. You need to develop applications and then deploy or assign them to users or devices regarding application management.

    1. Upload and Configure LOB applications (Windows, iOS, and Android)
    2. Upload and Configuring Store applications (Windows, Apple, and Google )
    3. Deploy LOB applications to a computer/mobile devices (iOS, WP, and Android)
    4. Deploy Store applications to a mobile device (Windows 10, iOS, WP, and Android)
    5. Deploy LOB/Store applications to a group of users (AAD user groups)
    6. Monitor application deployment status
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles - Fig.3
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles – Fig.3

    Intune – Service Administration

    Microsoft Intune is a cloud-based service within the Enterprise Mobility + Security (EMS) suite that focuses on mobile device management (MDM) and mobile application management (MAM). The list below provides more details.

    1. Subscriptions and licenses
    2. Apple APN cert Management (Once a year – Use generic mailbox to create APN certs)
    3. Reset mobile device authority (In case you want to change MDM authority)
    4. Provisioning
    5. Domain Management
    6. Role-based access controls (RBAC) assignments for different Intune roles
    7. Android for Work – configure and set A4W device management
    8. Device settings configuration to enable Azure AD join (for Windows 10 devices)
    9. MDM auto-enrollment configurations (for Windows 10 devices)
    10. Company portal Branding
    11. Terms and Conditions setup
    12. Windows Hello for Business
    13. Enrollment Restriction Rules
    14. Service availability
    15. Alerts and notifications
    16. Reporting – Power BI and OMS
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles - Fig.4
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles – Fig.4

    Intune – Mobile Application Management

    In Intune, mobile application management (MAM) is a critical component of managing applications on mobile devices. It allows organizations to control and protect corporate data within mobile apps without managing the entire device.

    1. MAM Policy creation, edition, and deletion of Managed Applications
    2. Deployment/Assignment of managed applications to AAD groups
    3. LOB Application Wrapping for iOS and Android managed applications
    4. Wrap the LOB apps using iOS SDK
    5. Wrap the LOB apps using Android SDK

    Intune – Device/Profile Management

    In Intune, device and profile management are crucial for maintaining control and security over the organization’s devices. This involves creating, maintaining, updating, deploying, and, when necessary, deleting policies.

    1. Configuration policies:-
      Device Restriction
      Wi-Fi Profile
      VPN/Per APP VPN Profile
      SCEP Profiles
      Custom Policies
    2. Compliance Policies:-
      iOS Compliance Policies
      Android Compliance Policies
      Windows Compliance Policies
    3. Device Life Cycle
    • Enroll the mobile devices (iOS, WP, Windows 10, and Android)
    • Retire and Wipe Devices
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles - Fig.5
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles – Fig.5

    AAD/Intune – Conditional Access

    Conditional access is a powerful feature in Azure Active Directory (AAD) and Intune that helps organizations control access to their resources based on certain conditions. The list below provides more details.

    1. Create, Maintain, Update, Deploy and Delete CA policies
    2. CA for Windows devices
    3. CA for Android devices
    4. CA for iOS devices
    5. CA for MAC OS devices?
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles - Fig.6
    Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles – Fig.6

    Intune/NDES/CA – Company Resource Access

    Intune, NDES, and CA enable organizations to implement strong security measures, such as certificate-based authentication, to control access to sensitive data and resources.

    1. Exchange on-premises connector
    2. Office 365 connector
    3. NDES connector

    Intune/Analytics – Software Update Management

    In Intune, Analytics plays a crucial role in Software Update Management, ensuring that devices are updated with the latest software patches and updates. Intune Analytics provides insights into the update status of devices, allowing administrators to monitor and manage software updates effectively. T

    1. Software Update Deployment in the traditional way using Intune client
    2. Software Update Scheduling via MDM policies
    3. Update Approval using Windows 10 CSPs

    We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

    Author

    Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

    10 thoughts on “Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles”

    Leave a Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.