Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles

Intune Teams Roles Responsibilities Endpoint Manager | Microsoft Intune Default Roles? I will discuss Intune Modern Device management roles and responsibilities in this post. I think the first version of Intune was released back in 2011 (or before that), but the large-scale adoption of Microsoft Intune started in the last two years.  

I thought it’s better to spend some time defining Intune modern device management job roles within an organization. This post will help create a baseline for Microsoft Intune R & R for your organization. In this post, we will see “Intune Teams Roles Responsibilities”.  

Modern device management roles are similar to SCCM/ConfigMgr roles but not the same. As a starting point, we can take some of the job roles from SCCM and then expand that list to produce more comprehensive modern device management-related roles and responsibilities. This will also help build Intune modern device management teams within your organization.  

Following are Intune team’s Roles are responsibilities of Intune/AAD/Device management at a high level. I have segregated these roles and responsibilities depending on each feature of Intune. You can segregate these into different support organizations per your organization’s requirements.

Maybe some of the tasks can be completed by Intune L1/L2 teams within your organizations. However, some tasks require more technical skills, and those tasks would be handled by Intune/Device Management L3 teams.  

What are Intune Team’s Roles and responsibilities?

Overall I will segregate Intune roles into two(2). I have an Intune RBAC post that will help you understand the security permissions needed for each role.

1. Intune Help Desk – First level support
2. Intune Admin – Second or Third Level Support

More granular roles and permissions can help you to define Intune RACI matrix for your organization.

User Management
Application Creation and Deployment/Assignment
Service Administration
Mobile Application Management
Device/Profile Management
Conditional Access
Company Resource Access
Software Update Management

Intune/AAD – User Management – Intune Teams Roles Responsibilities

1. Onboarding of users (Onboarding process will be different for each organization)
2. User Licenses (Assigning licenses can be automated soon)
3. Create, edit or delete Azure Active Directory (AAD) user/Device groups
4. Create, edit or delete Azure Active Directory Dynamic user/Device groups

Intune/AAD – Application Creation and Deployment/Assignment

1. Upload and Configuring LOB applications (Windows, iOS, and Android)
2. Upload and Configuring Store applications (Windows, Apple, and Google )
3. Deploy LOB applications to a computer/mobile devices (iOS, WP, and Android)
4. Deploy Store applications to a mobile device (Windows 10, iOS, WP, and Android)
5. Deploy LOB/Store applications to a group of users (AAD user groups)
6. Monitor application deployment status

Intune – Service Administration

1. Subscriptions and licenses
2. Apple APN cert Management (Once in a year – Use generic mailbox to create APN certs)
3. Reset mobile device authority (In case you want to change MDM authority)
4. Provisioning
5. Domain Management
6. Role-Based Access controls (RBAC) assignments for different Intune roles
7. Android for Work – configure and setup A4W device management
8. Device settings configuration to enable Azure AD join (for Windows 10 devices)
9. MDM auto-enrollment configurations (for Windows 10 devices)
10. Company portal Branding
11. Terms and Conditions setup
12. Windows Hello for Business
13. Enrollment Restriction Rules
14. Service availability
15. Alerts and notifications
16. Reporting – Power BI and OMS

Intune – Mobile Application Management

1. MAM Policy creation, edition, and deletion of Managed Applications
2. Deployment/Assignment of managed application to AAD groups
3. LOB Application Wrapping for iOS and Android managed applications
4. Wrap the LOB apps using iOS SDK
5. Wrap the LOB apps using Android SDK

Intune – Device/Profile Management

Create, Maintain, Update, Deploy and Delete policies

1. Configuration policies:-
   Device Restriction
   Wi-Fi Profile
   VPN/Per APP VPN Profile
   SCEP Profiles
   Custom Policies
2. Compliance Policies:-
   iOS Compliance Policies
   Android Compliance Policies
   Windows Compliance Policies
3. Device Life Cycle

• Enroll the mobile devices (iOS, WP, Windows 10, and Android)
• Retire and Wipe Devices

AAD/Intune – Conditional Access

1. Create, Maintain, Update, Deploy and Delete CA policies
2. CA for Windows devices
3. CA for Android devices
4. CA for iOS devices
5. CA for MAC OS devices?

Intune/NDES/CA – Company Resource Access

1. Exchange on-premises connector
2. Office 365 connector
3. NDES connector

Intune/Analytics – Software Update Management

1. Software Update Deployment in the traditional way using Intune client
2. Software Update Scheduling via MDM policies
3. Update Approval using Windows 10 CSPs

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…