Intune – Additional permissions for the Endpoint Security Manager role
As you know, you can delegate permissions to allow certain administrative or management tasks using RBAC (Role Based Access Control) on...
A new administration role for Intune has been made available – Endpoint Security Manager.
This new role is an extension of the the Security Administrator role, to allow you
The associated permissions with this new Endpoint Security Manager are:
- Read, Create, Update, Delete, and Assign Device Compliance Policies
- Read, Delete, and Update Managed devices
- Read, Create, Update, Delete, and Assign Security baselines
- Read and Update Security tasks
You can start using this new role by assigning to the groups/users you need using either the Azure portal by then going to the Intune service (https://portal.azure.com/) or the Endpoint/Device Manager portal (https://devicemanagement.microsoft.com/) and then going to RolesAll Roles configuration blade
![image_thumb[2]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb2-63.png "image_thumb[2]")
![image_thumb[3]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb3-56.png "image_thumb[3]")
![image_thumb[4]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb4-43.png "image_thumb[4]")