check before: 2025-05-15
Product:
Intune
Platform:
Online, World tenant
Status:
Change type:
Admin impact, Updated message
Links:
Details:
Summary:
Starting mid-May 2025, the Intune Service Administrator role will be required to configure device limit enrollment restrictions. Admins without this role will have read-only access. Review and update RBAC assignments to ensure proper permissions.
Details:
Updated April 1, 2025: We have updated the rollout timeline below. Thank you for your patience.
Beginning mid-May 2025 (previously mid-April), or soon after, admins will be required to have the 'Intune Service Administrator' role-based access control (RBAC) permission to configure device limit enrollment restrictions policy.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-03-18
updated:
2025-04-02
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Starting in mid-May 2025, changes to device limit enrollment restrictions in Microsoft Intune will require administrators to have the "Intune Service Administrator" role, allowing only those with this role to modify settings while others can only view them.
Direct effects for Operations**
Access Control Changes
Admins without the Intune Service Administrator role will have read-only access to device limit enrollment restrictions, potentially leading to unauthorized device enrollments and compliance issues.
- roles: Intune Administrators, Compliance Officers
- references: https://learn.microsoft.com/mem/intune/enrollment/create-device-limit-restrictions, https://learn.microsoft.com/mem/intune/fundamentals/role-based-access-control
User Experience Degradation
If device limit restrictions cannot be updated due to lack of permissions, users may experience issues with device enrollments, leading to frustration and decreased productivity.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/mem/intune/enrollment/create-device-limit-restrictions, https://learn.microsoft.com/mem/intune/fundamentals/role-based-access-control
Increased Support Tickets
The inability to manage device limit restrictions may result in an increase in support tickets from users facing enrollment issues, straining IT resources.
- roles: IT Support Staff, Help Desk Technicians
- references: https://learn.microsoft.com/mem/intune/enrollment/create-device-limit-restrictions, https://learn.microsoft.com/mem/intune/fundamentals/role-based-access-control
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-04-02 | MC Messages | Beginning mid-April 2025, or soon after, admins will be required to have the 'Intune Service Administrator' role-based access control (RBAC) permission to configure device limit enrollment restrictions policy. | Updated April 1, 2025: We have updated the rollout timeline below. Thank you for your patience.
Beginning mid-May 2025 (previously mid-April), or soon after, admins will be required to have the 'Intune Service Administrator' role-based access control (RBAC) permission to configure device limit enrollment restrictions policy. |
| 2025-04-02 | MC Title | Plan for Change: Intune Service Administrator role will be required for device limit restrictions | (Updated) Plan for Change: Intune Service Administrator role will be required for device limit restrictions |
| 2025-04-02 | MC Last Updated | 03/18/2025 00:49:47 | 2025-04-01T21:04:40Z |
| 2025-04-02 | MC MessageTagNames | Admin impact | Updated message, Admin impact |
| 2025-04-02 | MC Summary | Beginning mid-April 2025, admins will need the 'Intune Service Administrator' RBAC permission to configure device limit enrollment restrictions. Without this permission, the policies will be read-only. Review and update your RBAC assignments accordingly. | Starting mid-May 2025, the Intune Service Administrator role will be required to configure device limit enrollment restrictions. Admins without this role will have read-only access. Review and update RBAC assignments to ensure proper permissions. |
Last updated 3 weeks ago
