Role-based access control (RBAC) and more


  1. MC2MC Role-based access control (RBAC) and more @mirkocolemberg
  2. About me… • Mirko Colemberg Workplace Sommelier • Windows Insider MVP / Endpoint Manager MVP • MVM FY20 Q2 (Most Valuable Mentor) • Contact Me Twitter: https://twitter.com/mirkocolemberg Blog: http://blog.colemberg.ch Mail: mirko.colemberg@basevision.ch
  3. New Tenant • What to do first? • What’s next • What’s about rights management?
  4. RBAC in Azure/Intune
  5. Administrative units Administrative units allow you to grant admin permissions that are restricted to a department, region, or other segment of your organization that you define. You can use administrative units to delegate permissions to regional administrators or to set policy at a granular level. For example, a User account admin could update profile information, reset passwords, and assign licenses for users only in their administrative unit.
  6. Overview RBAC
  7. Scope Tags Tags are used to tag objects in Intune, for example. These objects can be devices, policies, profiles and so on. If you have a group of device objects, you can tag a security group. If you would like to tag every device itself, it is easier to use a script and do it with the Graph API: https://github.com/microsoftgraph/powershell-intune-samples/tree/master/RBAC#12-rbac_scopetags_deviceunassignps1
  8. Tag something like a Key to Access your House
  9. Scope tag on a Device
  10. Scope Group Scope Group means that there are some users or devices to manage, such as a limited group of objects like devices (iOS, Android or Windows) or only part of them, such as all iOS devices from Marketing, etc.
  11. A Group of People to Manage -> adding those to an AAD-Group
  12. Member Group Members are one person or a group of people who have to manage the objects in the Scope Group.
  13. Those are the Engineers – Group to Manage Intune
  14. Role Roles have different kinds of permissions. A role can have only “Read” rights on specific objects, or “Write” or “Create” rights. We can, for example, grant access to create a new configuration profile, or only to change a configuration profile with read and write access. A role can be used multiple times.
  15. Like a Job Profile
  16. Role
  17. RBAC in Azure/Intune
  18. Assignment The Assignment contains Tags, Groups and Group Members. They are assigned to a role, which can have only one or even multiple assignments.
  19. Administrative units Administrative units allow you to grant admin permissions that are restricted to a department, region, or other segment of your organization that you define. You can use administrative units to delegate permissions to regional administrators or to set policy at a granular level. For example, a User account admin could update profile information, reset passwords, and assign licenses for users only in their administrative unit.
  20. GRAPH
  21. Intune – PowerShell SAMPLES GITHUB https://github.com/microsoftgraph/powershell-intune-samples
  22. Intune – PowerShell Module Available on GitHub today and in PowerShell Gallery: • https://aka.ms/intunepowershell • https://www.powershellgallery.com/packages/Microsoft.Graph.Intune Supports • v1.0 Graph Endpoints • Parameter sets for properties • PowerShell credentials for Authentication • PowerShell Pipeline
  23. Thank you Share your voice / ideas! • http://microsoftintune.uservoice.com/ • http://configurationmanager.uservoice.com/
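
The building blocks from slides 7 to 18 (scope tag, scope group, member group, role, assignment), as an added Python example that is not part of the original deck: a simplified model, not Intune's own evaluation logic, in which access is granted only when one single assignment matches on every part. The permission names, admin names and sample objects are constructed, and the optional `target` check is an assumption about how a scope group limits what an admin may deploy to.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset   # what the role may do, e.g. {"Read", "Write"}

@dataclass(frozen=True)
class Assignment:
    role: Role
    members: frozenset       # Member Group: the admins
    scope_group: frozenset   # Scope Group: users/devices they may manage
    scope_tags: frozenset    # Scope Tags: the "keys" the admins hold

@dataclass(frozen=True)
class IntuneObject:
    name: str
    tags: frozenset          # scope tags set on the device/policy/profile

def is_allowed(admin, permission, obj, assignments, target=None):
    """True only if ONE assignment matches on every part (no mixing)."""
    for a in assignments:
        if (admin in a.members
                and permission in a.role.permissions
                and obj.tags & a.scope_tags
                and (target is None or target in a.scope_group)):
            return True
    return False

# Constructed sample data (names and permissions are illustrative).
ENGINEER = Role("Profile engineer", frozenset({"Read", "Write", "Create", "Assign"}))
HELPDESK = Role("Helpdesk", frozenset({"Read"}))
ASSIGNMENTS = [
    Assignment(ENGINEER, frozenset({"anna"}),
               frozenset({"iOS-Marketing"}), frozenset({"Marketing"})),
    Assignment(HELPDESK, frozenset({"anna", "ben"}),
               frozenset({"Windows-Sales"}), frozenset({"Sales"})),
]
MARKETING_PROFILE = IntuneObject("iOS Wi-Fi profile", frozenset({"Marketing"}))
SALES_PROFILE = IntuneObject("Windows baseline", frozenset({"Sales"}))

if __name__ == "__main__":
    for who, perm, obj in [("anna", "Write", MARKETING_PROFILE),
                           ("anna", "Write", SALES_PROFILE),
                           ("ben", "Read", MARKETING_PROFILE)]:
        print(who, perm, obj.name, "->", is_allowed(who, perm, obj, ASSIGNMENTS))
```

In this model, anna's "Write" permission from the Marketing assignment does not carry over to Sales-tagged objects, even though she is also a member of the Sales assignment: each assignment is evaluated on its own.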
