A new administration role for Intune has been made available – Endpoint Security Manager.
This new role is an extension of the the Security Administrator role, to allow you
The associated permissions with this new Endpoint Security Manager are:
- Read, Create, Update, Delete, and Assign Device Compliance Policies
- Read, Delete, and Update Managed devices
- Read, Create, Update, Delete, and Assign Security baselines
- Read and Update Security tasks
You can start using this new role by assigning to the groups/users you need using either the Azure portal by then going to the Intune service (https://portal.azure.com/) or the Endpoint/Device Manager portal (https://devicemanagement.microsoft.com/) and then going to RolesAll Roles configuration blade