I am trying to change the Device Ownership on Endpoint for an iOS device and it says it is saving but not permanently saving as the save button is not being greyed out.
I am not a Global Admin but have the roles that are in the attached screenshot, I have spoken to the Global admins and they can do it fine and we can't figure what is going on.
@KingsleyMoore-4748 Thanks for posting in our Q&A.
For Exchange, Teams and SharePoint Administrator, they are only the admin of these products and they are not have the permission to manage devices in intune portal.
For Helpdesk Administrator, it is a role can change passwords, invalidate refresh tokens, manage service requests, and monitor service health.
For Service Support Administrator, it is a role can open support requests with Microsoft for Azure and Microsoft 365 services, and views the service dashboard and message center.
For User Administrator, it is a role can manage all aspects of users.
For Global Reader, it is a role with only read permission.
We can read the following article to get more information about roles:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#all-roles
So, the above 7 roles, all don't have the permission to change the device ownership. At the same time, I tried assign these 7 roles to my user and it is greyed out in "device ownership".
In our official article, it is needed to use an admin to change the device ownership. Based on my understanding, it means Global Administrator or Intune Administrator.
https://docs.microsoft.com/en-us/mem/intune/enrollment/corporate-identifiers-add#change-device-ownership
Hope it will help you.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@KingsleyMoore-4748 I am currently standing by for further update from you and would like to know how things are going. If you have any questions or concerns on the recent information I've provided you, please don't hesitate to let me know.
Hey and thanks for posting,
In Intune you have different roles that can be applied to a user to enable or disable certain action that can be performed in Intune. You can find out what permissions you have in Intune specifically if you go to: endpoint.microsoft.com -> Tenant Admin -> Roles -> My Permissions
If you want to be able to rename a device, the role you are assigned needs to allow the "set device name" permission that's under "Remote tasks"
https://docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control
If this helps, please accept the answer
7 people are following this question.
