You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/fundamentals/remote-help-windows.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -391,7 +391,7 @@ Microsoft Edge WebView2 is required to use Remote Help. If you get an error mess
391
391
392
392
## Known Issues
393
393
For remotely starting a session on the user's device, notifications that are sent to the sharer's device when a helper launches a Remote Help session fails if the Microsoft Intune Management Service isn't running.
394
-
After the user's device is restarted, there's a delay for the service to start. You can either manually wait for the service to start (30-60 seconds after restart), or manually start the service through services.msc.
394
+
After the user's device is restarted, there's a delay for the service to start. You can either manually wait for the service to start (30 minutes after restart), or manually start the service through services.msc.
395
395
For newly enrolled devices, there's a 1 hour delay before the user's device begins receiving notifications when a helper initiates a session.
Copy file name to clipboardExpand all lines: memdocs/intune/fundamentals/role-based-access-control.md
+6-2Lines changed: 6 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,6 +38,7 @@ To create, edit, or assign roles, your account must have one of the following pe
38
38
39
39
-**Global Administrator**
40
40
-**Intune Service Administrator** (also known as **Intune Administrator**)
41
+
- An Intune role with Role permissions
41
42
42
43
## Roles
43
44
@@ -76,6 +77,9 @@ You can create your own roles with custom permissions. For more information abou
76
77
77
78
### Microsoft Entra roles with Intune access
78
79
80
+
Microsoft recommends following the principle of least-permissions by only assigning the minimum required permissions for an administrator to perform their duties. Global Administrator and Intune Service Administrator
81
+
are [privileged roles](/entra/identity/role-based-access-control/privileged-roles-permissions) and assignment should be limited.
82
+
79
83
| Microsoft Entra role | All Intune data | Intune audit data |
80
84
| --- | :---: | :---: |
81
85
| Global Administrator | Read/write | Read/write |
@@ -101,13 +105,13 @@ A role assignment defines:
101
105
- what resources they can see
102
106
- what resources they can change.
103
107
104
-
You can assign both custom and built-in roles to your users. To be assigned an Intune role, the user must have an Intune license.
108
+
You can assign both custom and built-in roles to your users who are administrators in Intune. To be assigned an Intune role, the user must have an Intune license.
105
109
To see a role assignment, choose **Intune** > **Tenant administration** > **Roles** > **All roles** > choose a role > **Assignments** > choose an assignment. On the **Properties** page, you can edit:
106
110
107
111
-**Basics**: The assignments name and description.
108
112
-**Members**: All users in the listed Azure security groups have permission to manage the users/devices that are listed in Scope (Groups).
109
113
-**Scope (Groups)**: Scope Groups are Microsoft Entra security groups of users or devices or both for which administrators in that role assignment are limited to performing operations on. For example, deployment of a policy or application to a user or remotely locking a device. All users and devices in these Microsoft Entra security groups can be managed by the users in Members.
110
-
-**[Scope (Tags)](scope-tags.md)**: Users in Members can see the resources that have the same scope tags.
114
+
-**[Scope Tags](scope-tags.md)**: Users in Members can see the resources that have the same scope tags.
111
115
112
116
> [!NOTE]
113
117
> Scope Tags are freeform text values that an administrator defines and then adds to a Role Assignment. The scope tag added on a role controls visibility of the role itself, while the scope tag added in role assignment limits the visibility of Intune objects (such as policies and apps) or devices to only administrators in that role assignment because the role assignment contains one or more matching scope tags.
Copy file name to clipboardExpand all lines: windows-365/enterprise/whats-new.md
-10Lines changed: 0 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -55,16 +55,6 @@ For more information about public preview items, see [Public preview in Windows
55
55
### Windows 365 app
56
56
-->
57
57
58
-
<!-- ########################## -->
59
-
## Week of October 7, 2024
60
-
61
-
<!-- vvvvvvvvvvvvvvvvvvvvvv -->
62
-
### Device management
63
-
64
-
#### Call redirection<!--53718424-->
65
-
66
-
Windows 365 now supports multimedia redirection call redirection. For more information, see [Use multimedia redirection](/azure/virtual-desktop/multimedia-redirection).
67
-
68
58
<!-- ########################## -->
69
59
## Week of September 30, 2024 (Service release 2409)
0 commit comments