In this post, you will learn how to set up Role-based Access Control for Endpoint Privilege Management in Intune. With Endpoint Privilege Management, users no longer need to be given local administrator rights. Instead, they work with standard account rights and are elevated only when they need to carry out approved administrative tasks.

With Microsoft Intune Endpoint Privilege Management (EPM), people in your business can work as standard users without administrator rights and still complete tasks that require elevated privileges.

Microsoft gives IT administrators the tools they need to support their workers in today’s hybrid environment, which lowers support costs. Tasks such as installing approved apps, printers, or other devices can be completed securely without contacting IT staff, saving time and money in the long run.

Role-based access control (RBAC) lets your organization’s Intune administrators manage and control the permissions granted to people for different Intune tasks. Intune ships with a set of twelve (12) built-in roles, also called RBAC roles, that are already configured. These roles cover device permission management and other vital tasks.

Endpoint Privilege Management uses two kinds of policy that you configure to control how file elevation requests are handled. These policies define what happens when standard users try to run apps or tasks with administrator rights.

Intune RBAC for Endpoint Privilege Management

To configure policies and view data for Endpoint Privilege Management in Intune, your account needs the right permissions. Here is a guide to reviewing and granting the permissions required to manage Endpoint Privilege Management controls.

To begin, sign in to the Microsoft Intune admin centre at https://intune.microsoft.com/. Once signed in, follow these steps:

  1. Navigate to “Tenant administration” within the admin centre.
  2. Click on “Roles” to access the role management section.

In the All roles section, you can see all the built-in roles and any custom roles you have created. The built-in Endpoint Security Manager and Endpoint Privilege Manager roles manage policies for users or devices.

Endpoint Privilege Manager: Manages Endpoint Privilege Management policies in the Intune console.

Endpoint Privilege Reader: Views Endpoint Privilege Management policies in the Intune console.

To manage Endpoint Privilege Management effectively, your account needs an Intune role-based access control (RBAC) role with the right permission level and sufficient rights for the task you want to perform.

Authoring Policies for Endpoint Privilege Management

Endpoint Privilege Management Policy Authoring is the permission you need for working with Endpoint Privilege Management policies, data, and reports. It grants the rights to do the following:

  • View Reports
  • Read
  • Create
  • Update
  • Delete
  • Assign

Endpoint Privilege Management is easy to manage with a built-in RBAC role, or you can add this permission, with one or more of its rights, to your own custom RBAC roles.

Endpoint Privilege Manager: This built-in role manages Endpoint Privilege Management in the Intune console. It grants all Endpoint Privilege Management Policy Authoring rights.

Endpoint Privilege Reader: With this built-in role, you can view Endpoint Privilege Management policies and data in the Intune console. For Endpoint Privilege Management Policy Authoring, it includes the following rights:

  • View Reports
  • Read

The built-in roles Endpoint Privilege Manager and Endpoint Privilege Reader can be assigned directly to groups without any additional configuration. Note, however, that a built-in role’s name, description, type, and permissions cannot be modified or deleted; these core attributes are predefined.

Endpoint Privilege Management Policy Authoring rights also come with the following built-in Intune roles, including specialised roles:

Endpoint Security Manager: Manages security and compliance features such as security baselines, device compliance, conditional access, and Microsoft Defender for Endpoint. This role includes all Endpoint Privilege Management Policy Authoring rights.

Read Only Operator: For Endpoint Privilege Management Policy Authoring, this role includes the following rights:

  • View Reports
  • Read
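The role descriptions above spell out which built-in roles grant the full Endpoint Privilege Management Policy Authoring set (all six rights) and which grant only View Reports and Read, and the post notes that custom roles may carry any subset. The script below, an added example that is not part of the original post or Microsoft's code, audits a set of role definitions and role assignments and reports the strongest EPM capability each assigned group receives, so you can check least privilege before granting access. The dict shapes loosely follow Microsoft Graph's deviceManagement/roleDefinitions and roleAssignments objects (an assumption), and the action strings such as `EPM_Assign` are constructed placeholders, not Intune's real resource-action identifiers; the sample roles and groups are constructed as well.

```python
"""Audit which Intune RBAC roles grant Endpoint Privilege Management (EPM)
policy authoring rights, and which groups end up holding them.

Added example, not Microsoft's or TECHOM Systems' code. The dict shapes loosely
follow Microsoft Graph's deviceManagement/roleDefinitions and roleAssignments
objects (assumption); the action strings are constructed placeholders, not
Intune's real resource-action identifiers.
"""
from collections import defaultdict

# The six EPM Policy Authoring rights listed in the post. The values are
# constructed placeholder action names (assumption), not real Intune IDs.
EPM_ACTIONS = {
    "View Reports": "EPM_ViewReports",
    "Read": "EPM_Read",
    "Create": "EPM_Create",
    "Update": "EPM_Update",
    "Delete": "EPM_Delete",
    "Assign": "EPM_Assign",
}
AUTHOR_ACTIONS = set(EPM_ACTIONS.values())
READ_ONLY_ACTIONS = {EPM_ACTIONS["View Reports"], EPM_ACTIONS["Read"]}
CAPABILITY_RANK = {"none": 0, "read": 1, "partial": 2, "author": 3}


def _role(role_id, name, built_in, actions):
    """Build a role definition in the nested Graph-like shape (constructed)."""
    return {
        "id": role_id, "displayName": name, "isBuiltIn": built_in,
        "rolePermissions": [{"resourceActions": [
            {"allowedResourceActions": sorted(actions)}]}],
    }


# Constructed sample: the built-in roles named in the post plus two custom roles.
SAMPLE_ROLE_DEFINITIONS = [
    _role("r1", "Endpoint Privilege Manager", True, AUTHOR_ACTIONS),
    _role("r2", "Endpoint Privilege Reader", True, READ_ONLY_ACTIONS),
    _role("r3", "Read Only Operator", True, READ_ONLY_ACTIONS),
    _role("r4", "Helpdesk L2 (custom)", False,
          {EPM_ACTIONS["Read"], EPM_ACTIONS["Create"], EPM_ACTIONS["Update"]}),
    _role("r5", "Compliance Auditor (custom)", False, set()),
]

# Constructed sample assignments: roleDefinitionId -> member group IDs.
SAMPLE_ASSIGNMENTS = [
    {"id": "a1", "roleDefinitionId": "r1", "members": ["grp-epm-admins"]},
    {"id": "a2", "roleDefinitionId": "r2", "members": ["grp-servicedesk", "grp-auditors"]},
    {"id": "a3", "roleDefinitionId": "r4", "members": ["grp-servicedesk"]},
    {"id": "a4", "roleDefinitionId": "r-missing", "members": ["grp-orphan"]},
    {"id": "a5", "roleDefinitionId": "r5", "members": ["grp-compliance"]},
]


def granted_epm_actions(role_def):
    """Flatten rolePermissions[*].resourceActions[*].allowedResourceActions
    and keep only the EPM Policy Authoring actions the role grants."""
    allowed = set()
    for perm in role_def.get("rolePermissions", []):
        for resource_action in perm.get("resourceActions", []):
            allowed.update(resource_action.get("allowedResourceActions", []))
    return allowed & AUTHOR_ACTIONS


def epm_capability(role_def):
    """Classify a role as 'author' (all six rights), 'read' (only View
    Reports/Read), 'partial' (some other subset) or 'none'."""
    actions = granted_epm_actions(role_def)
    if actions == AUTHOR_ACTIONS:
        return "author"
    if actions and actions <= READ_ONLY_ACTIONS:
        return "read"
    return "partial" if actions else "none"


def audit_epm_access(role_defs, assignments):
    """Return ({group_id: {"capability", "roles"}}, unresolved_assignment_ids).

    A group assigned several roles gets the strongest capability among them.
    Assignments whose roleDefinitionId matches no definition are reported
    rather than silently skipped, so a stale assignment is not overlooked.
    """
    by_id = {r["id"]: r for r in role_defs}
    access = defaultdict(lambda: {"capability": "none", "roles": []})
    unresolved = []
    for assignment in assignments:
        role = by_id.get(assignment["roleDefinitionId"])
        if role is None:
            unresolved.append(assignment["id"])
            continue
        capability = epm_capability(role)
        if capability == "none":
            continue  # role grants no EPM rights; nothing to report
        for group in assignment.get("members", []):
            entry = access[group]
            entry["roles"].append(role["displayName"])
            if CAPABILITY_RANK[capability] > CAPABILITY_RANK[entry["capability"]]:
                entry["capability"] = capability
    return {g: dict(v) for g, v in access.items()}, unresolved


def custom_roles_with_epm_access(role_defs):
    """Custom (non built-in) roles that carry any EPM rights; worth reviewing
    against the built-in Manager/Reader roles before assigning them."""
    return [r for r in role_defs
            if not r["isBuiltIn"] and epm_capability(r) != "none"]


if __name__ == "__main__":
    access, unresolved = audit_epm_access(SAMPLE_ROLE_DEFINITIONS, SAMPLE_ASSIGNMENTS)
    for group, info in sorted(access.items()):
        print(f"{group:16} {info['capability']:8} via {', '.join(info['roles'])}")
    for role in custom_roles_with_epm_access(SAMPLE_ROLE_DEFINITIONS):
        print(f"review custom role: {role['displayName']} ({epm_capability(role)})")
    if unresolved:
        print("assignments pointing at unknown roles:", unresolved)
```

In the constructed sample, the service desk group receives the read-only Endpoint Privilege Reader role and a custom role that adds Create and Update but not Assign or Delete, so it is reported as "partial"; the audit surfaces such accumulated rights that no single assignment makes obvious. Against a real tenant you would replace the sample lists with the role definitions and assignments retrieved from Intune and the placeholder action names with the tenant's actual ones.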

Enhance Endpoint Privilege Management with us.

In order to get the most out of Intune, you will need a Solutions Partner.

At TECHOM Systems, we are here to help your organization set up and get the most out of Intune Role-based Access Control for Endpoint Privilege Management. Our experts will help you configure the right RBAC roles safely and effectively. With our partnership, you can use Intune’s powerful features to strengthen endpoint protection and move your business forward.

Discover how we can enhance your Endpoint Privilege Management. Schedule your free consultation with our expert and unlock tailored support today!