Intune – New administration role available

A new administration role for Intune has been made available – Endpoint Security Manager.

This new role is an extension of the the Security Administrator role, to allow you

The associated permissions with this new Endpoint Security Manager are:

  1. Read, Create, Update, Delete, and Assign Device Compliance Policies
  2. Read, Delete, and Update Managed devices
  3. Read, Create, Update, Delete, and Assign Security baselines
  4. Read and Update Security tasks

You can start using this new role by assigning to the groups/users you need using either the Azure portal by then going to the Intune service ( or the Endpoint/Device Manager portal ( and then going to RolesAll Roles configuration blade

image_thumb[2]  image_thumb[3]