Recomendados
Recomendados
Mais conteúdo relacionado
Semelhante a Role-based access control (RBAC) and more
Semelhante a Role-based access control (RBAC) and more (20)
Último
Último (20)
Role-based access control (RBAC) and more
- 1. MC2MC Role-based access control (RBAC) and more @mirkocolemberg
- 3. About me… • Mirko Colemberg Workplace Sommelier • Windows Insider MVP / Endpoint Manager MVP • MVM FY20 Q2 (Most Valuable Mentor) • Contact Me Twitter:https://twitter.com/mirkocolemberg Blog: http://blog.colemberg.ch Mail: mirko.colemberg@basevision.ch
- 4. New Tenant • What to do first? • What’s next • What’s about rights management?
- 6. Administrative units Administrative units allow you to grant admin permissions that are restricted to a department, region, or other segment of your organization that you define. You can use administrative units to delegate permissions to regional administrators or to set policy at a granular level. For example, a User account admin could update profile information, reset passwords, and assign licenses for users only in their administrative unit.
- 10. Scope Tags Tags are used to tag for example objects in Intune. These objects can be devices, policies, profiles and so on. If you have a group of device objects, you can Tag a security Group. If you like to tag every Device it self, it is easier to use a script and do it with Graph API: https://github.com/microsoftgraph/powershell-intune- samples/tree/master/RBAC#12-rbac_scopetags_deviceunassignps1
- 11. Tag something like a Key to Access your House
- 12. Scope tag on a Device
- 13. Scope Group Scope Group means that there are some users or devices to manage such as a limited group of objects like devices (iOS, Android or Windows) or only part of them such as all iOS from Marketing, etc.
- 14. A Group of People to Manage -> adding those to a AAD-Group
- 15. Member Group Member are one persona or a group of people who have to manage the objects in the Scope Group.
- 16. Those are the Engineers – Group to Manage Intune
- 17. Role Roles have different kinds of permissions. A role can have only “Read” rights on specific objects or “Write” or “Create” rights. We can for example grant access to create a new configuration profile or only change a Config profile with reading and writing access. A role can be used multiple times.
- 18. Like a Job Profile
- 19. Role
- 21. Assigenment The Assignment contains Tags, Groups and Group Members. They are assigned to a role, which can only one or even multiple assignments.
- 22. Administrative units Administrative units allow you to grant admin permissions that are restricted to a department, region, or other segment of your organization that you define. You can use administrative units to delegate permissions to regional administrators or to set policy at a granular level. For example, a User account admin could update profile information, reset passwords, and assign licenses for users only in their administrative unit.
- 23. GRAPH
- 24. Intune – Powershell SAMPLES GITHUB https://github.com/microsoftgraph/powershell-intune-samples
- 25. Intune – PowerShell Module Available on GitHub today and in PowerShell Gallery: • https://aka.ms/intunepowershell • https://www.powershellgallery.com/pack ages/Microsoft.Graph.Intune Supports • v1.0 Graph Endpoints • Parameter sets for properties • PowerShell credentials for Authentication • PowerShell Pipeline
- 26. Thank you Share your voice / ideas! • http://microsoftintune.userv oice.com/ • http://configurationmanager. uservoice.com/