The situation I find myself in is that all access to things in Azure is controlled by our Identity and Access Management team and it is a bit of a battle to get delegated access to the things we need to begin using such as Endpoint Analytics, Intune, etc. The documentation/demos almost always show the setup from a global admin perspective and do not dive into the global admin delegating permissions to various groups and how those permissions are limited in scope.

 

Are there resources that can be shared that highlight the process, ease, and security limitations of granting access to device management staff to administer these services as well as granting access for other limited roles (e.g. Help Desk)? Being able to demonstrate that setup of these cloud services will take minimal staff time for a global administrator and will not have security concerns for the rest of Azure-dependent services would greatly assist in getting to use these services sooner rather than later.

 

Thank you!