Intune – Additional permissions for the Endpoint Security Manager role

As you know, you can delegate permissions for specific administrative or management tasks using RBAC (role-based access control) in Intune/Endpoint Configuration Manager.

Well, new permissions have been added to the Endpoint Security Manager role:

  • Initiate Configuration Manager action
  • Microsoft Defender ATP
  • Reboot now
  • Remote lock
  • Rotate BitLockerKeys (preview)
  • Rotate FileVault key
  • Shut down
  • Sync devices

If you are using the built-in Endpoint Security Manager role, there is nothing to do, except perhaps letting the delegates know about the new permissions.

If you are using a custom role to delegate permissions, you may have to update it to reflect these new permissions.
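
One way to see which permissions a custom role lacks compared with the built-in role, as an added example that is not part of the original post. The function names `Get-AllowedAction` and `Compare-RoleAction`, the custom role name and the action names in the sample data are constructed for illustration; real role definitions come from the Microsoft Graph `deviceManagement/roleDefinitions` endpoint.

```powershell
# Added example, not from the original post.
# Role objects follow the Microsoft Graph roleDefinition shape returned by
# GET /deviceManagement/roleDefinitions:
#   rolePermissions[].resourceActions[].allowedResourceActions[]

function Get-AllowedAction {
    param([Parameter(Mandatory)] $RoleDefinition)
    $actions = foreach ($permission in $RoleDefinition.rolePermissions) {
        foreach ($resourceAction in $permission.resourceActions) {
            $resourceAction.allowedResourceActions
        }
    }
    # Drop empty entries, de-duplicate and sort for a stable comparison.
    @($actions | Where-Object { $_ } | Sort-Object -Unique)
}

function Compare-RoleAction {
    param(
        [Parameter(Mandatory)] $ReferenceRole,
        [Parameter(Mandatory)] $CustomRole
    )
    $reference = @(Get-AllowedAction -RoleDefinition $ReferenceRole)
    $custom    = @(Get-AllowedAction -RoleDefinition $CustomRole)
    [pscustomobject]@{
        CustomRole        = $CustomRole.displayName
        MissingFromCustom = @($reference | Where-Object { $_ -notin $custom })
        OnlyInCustom      = @($custom | Where-Object { $_ -notin $reference })
    }
}

# Constructed sample data. The action names are placeholders, not real
# Intune resource action identifiers.
$builtIn = @'
{ "displayName": "Endpoint Security Manager", "isBuiltIn": true,
  "rolePermissions": [ { "resourceActions": [ { "allowedResourceActions": [
    "Placeholder_ReadPolicy", "Placeholder_RebootNow",
    "Placeholder_RemoteLock", "Placeholder_SyncDevices" ] } ] } ] }
'@ | ConvertFrom-Json

$customRole = @'
{ "displayName": "Contoso Security Delegates", "isBuiltIn": false,
  "rolePermissions": [ { "resourceActions": [ { "allowedResourceActions": [
    "Placeholder_ReadPolicy", "Placeholder_RemoteLock" ] } ] } ] }
'@ | ConvertFrom-Json

Compare-RoleAction -ReferenceRole $builtIn -CustomRole $customRole | Format-List
```

Review the `MissingFromCustom` list before copying anything across: a custom role is usually narrower than the built-in one on purpose, so only grant the new actions the delegates actually need.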