
    Intune RBAC role permissions to wipe only corporate data from Intune-managed apps

    By Eswar Koneti, May 27, 10:19 am

    Role-based access control (RBAC) helps you manage who has access to your organization’s resources and what they can do with those resources. By assigning roles to your Intune users, you can limit what they can see and change. Each role has a set of permissions that determine what users with that role can access and change within your organization.

    To create, edit, or assign roles, your account must have one of the following permissions in Azure AD:

    • Global Administrator
    • Intune Service Administrator (also known as Intune Administrator)

    We use MAM only, with no device enrollment. When a device is lost or stolen, or when an employee leaves your company, you want to make sure company app data is removed from the device. But you might not want to remove personal data on the device, especially if it is an employee-owned device.

    To perform a selective wipe, the user who performs the action must have sufficient Intune permissions. It is not possible to give them the Intune admin role; instead, we can use RBAC to create a role with only the permissions required to perform a selective wipe.

    The following RBAC permissions are needed to perform the selective wipe task. Add a custom role with these permissions:

    • Managed apps: set Read and Wipe to Yes
    • Managed devices: set Read to Yes
    • Mobile apps: set Read to Yes

    Once you create the RBAC role, assign it to an AD security group, with the scope targeted to a group. To learn more about scope tags in Intune, read https://docs.microsoft.com/en-us/intune/scope-tags
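
To confirm that the custom role stays least-privilege after it is created, the check below compares a role definition against the four permissions listed above and reports anything missing or extra. It is an added example, not code from the original post. The `Microsoft.Intune_*` action strings are assumed Microsoft Graph names for the portal toggles, and `Test-SelectiveWipeRole` and the sample JSON are constructed for illustration.

```powershell
# Added example: least-privilege check for the selective-wipe custom role.
# ASSUMPTION: these Graph resource-action names correspond to the portal toggles
# named in the post; confirm them against a role exported from your own tenant.
$Expected = @(
    'Microsoft.Intune_ManagedApps_Read',     # Managed apps: Read
    'Microsoft.Intune_ManagedApps_Wipe',     # Managed apps: Wipe
    'Microsoft.Intune_ManagedDevices_Read',  # Managed devices: Read
    'Microsoft.Intune_MobileApps_Read'       # Mobile apps: Read
)

function Test-SelectiveWipeRole {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $RoleDefinition,
        [string[]] $ExpectedActions = $Expected
    )
    # Flatten every allowed action across all rolePermissions/resourceActions entries.
    $granted = @($RoleDefinition.rolePermissions.resourceActions.allowedResourceActions |
        Where-Object { $_ } | Sort-Object -Unique)
    $missing = @($ExpectedActions | Where-Object { $_ -notin $granted })
    $excess  = @($granted | Where-Object { $_ -notin $ExpectedActions })
    [pscustomobject]@{
        Role      = $RoleDefinition.displayName
        Compliant = ($missing.Count -eq 0 -and $excess.Count -eq 0)
        Missing   = $missing   # selective wipe will not work for role members
        Excess    = $excess    # role grants more than selective wipe needs
    }
}

# Constructed sample in the shape of a Graph roleDefinition object. The last
# action (assumed name for full device wipe) is an over-grant the check flags.
$sample = @'
{ "displayName": "Helpdesk selective wipe",
  "isBuiltIn": false,
  "rolePermissions": [ { "resourceActions": [ {
      "allowedResourceActions": [
        "Microsoft.Intune_ManagedApps_Read",
        "Microsoft.Intune_ManagedApps_Wipe",
        "Microsoft.Intune_ManagedDevices_Read",
        "Microsoft.Intune_MobileApps_Read",
        "Microsoft.Intune_RemoteTasks_Wipe"
      ] } ] } ] }
'@ | ConvertFrom-Json

Test-SelectiveWipeRole -RoleDefinition $sample | Format-List
```

For the sample, `Compliant` is `False` and `Excess` lists the one extra action; the same function can be run over role definitions read from the Graph `deviceManagement/roleDefinitions` endpoint.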

    How to wipe only corporate data from Intune-managed apps: https://docs.microsoft.com/en-us/intune/apps-selective-wipe

    Reference:

    Role-based access control (RBAC) with Microsoft Intune: https://docs.microsoft.com/en-us/intune/role-based-access-control
