Assign a role to an Intune user

You can assign a built-in or custom role to an Intune user.

To create, edit, or assign roles, your account must have one of the following permissions in Azure AD:

  • Global Administrator
  • Intune Service Administrator
  1. In the Microsoft Endpoint Manager admin center, choose Tenant administration > Roles > All roles.

  2. On the Intune roles - All roles blade, choose the built-in role you want to assign > Assignments > Assign.

  3. On the Basics page, enter an Assignment name and optional Assignment description, and then choose Next.

  4. On the Admin Groups page, select the group that contains the user you want to give the permissions to. Choose Next

  5. On the Scope (Groups) page, choose a group containing the users/devices that the member above will be allowed to manage. Choose Next.

  6. On the Scope (Tags) page, choose tags where this role assignment will be applied. Choose Next.

  7. On the Review + Create page, when you're done, choose Create. The new assignment is displayed in the list of assignments.

Next steps