Role-based access control
Role-based access control (RBAC) helps you manage who has access to your organization's resources and what they can do with those resources. You can assign roles for your Cloud PCs by using the Microsoft Endpoint Manager admin center.
For more information, see Role-based access control (RBAC) with Microsoft Intune.
Windows 365 Admin role
Windows 365 supports the Windows 365 Admin role available for role assignment through the Microsoft Admin Center and Azure Active Directory (Azure AD). With this role, you can manage Windows 365 Cloud PCs for both Enterprise and Business editions. The Windows 365 Admin role can grant more scoped permissions than other Azure AD roles like Global Administrator. For more information, see Azure AD built-in roles.
Cloud PC built-in roles
Two built-in roles are available for Cloud PC:
Cloud PC Administrator: Manages all aspects of Cloud PCs, like:
- OS image management
- On-premises network connection configuration
Cloud PC Reader: Views Cloud PC data available in the Cloud PC node in Microsoft Endpoint Manager, but can’t make changes.
Custom roles (public preview)
To create a provisioning policy, an admin needs the following permissions:
Provisioning Policy Read/Create
On-premises network connection Read
Supported region Read
Image Read permissions