Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Adding and Managing Administrators in Windows Intune

Updated: October 1, 2013

Applies To: Windows Intune

You can use the Windows Intune administrator console to elevate an existing user to a service administrator, which grants that user administrative access to the Windows Intune administrator console.

You can grant a service administrator either of the following levels of access:

  • Full access: These administrators have full administrative rights to the Windows Intune administrator console, including adding or deleting other service administrators.

  • Read-only access: These administrators have read-only rights to the Windows Intune administrator console. They cannot modify any data; they can only view data and run reports.

Before you can elevate a user to service administrator, the user must meet the following requirements:

You can also add Windows Intune administrators from an external service, such as Microsoft Online Services. These administrators are called tenant administrators. Because tenant administrators are not created within Windows Intune, you cannot modify or delete them by using the Windows Intune administrator console. You must manage tenant administrators from the site at which they were originally created. To add, delete, or manage tenant administrators, you must sign in to your account at Microsoft Online Services Subscriptions.

Tenant administrators have full administrative rights to the Windows Intune administrator console, including adding or deleting other service administrators.

To add a service administrator

  1. Open the Windows Intune administrator console.

  2. In the workspace shortcuts pane, click the Administration icon.

  3. In the navigation pane, click Administrator Management.

  4. In the Tasks list, click Add Service Administrator.

  5. In the Add Service Administrator dialog box, for the user you want to elevate to service administrator, enter one of the following in the User ID box:

    • If the user was added from AD DS, enter the user principal name (UPN).

    • If the user was added from another source, enter the user ID of the user for Microsoft Online Services.

  6. Under Access permissions, select one of the following:

    • Full access enables the service administrator to perform all operations in the console, including adding or deleting other service administrators.

    • Read-only access enables the service administrator to view the data in the console and run reports, but not to modify any data.

  7. Click OK.

Managing Service Administrators

After you have added one or more service administrators, you can view the service administrator information in the Administrators list on the Service Administrators page in the Windows Intune administrator console. For each service administrator, you can view the administrator’s display name, user ID, and level of access permission to the Windows Intune administrator console.

You can also use the taskbar on the Service Administrators page to change the access level for a service administrator or delete a service administrator.

ImportantImportant
When a service administrator, either Read Only or Full, is soft-deleted from Active Directory and then recovered, the user’s service administrator role is not recovered. You must reassign the user to be a Read Only or Full service administrator.

noteNote
When you delete a service administrator from Windows Intune, that user can no longer access the Windows Intune administrator console; however, the user is not deleted from the Windows Intune service. You can still view that user in the All Users list in the Groups workspace.

See Also

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.