This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 7.000000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi there,
I am looking to provide access to a Team member who should be limited to only uploading hash files. Would like some help with custom permissions required for this kind of access.
I am trying to configure this via Roles by creating a custom role.
I have this done like that:
Thanks I created this role, then added a group with test user with a created assignment, test user has an intune license and the user was thrown no access error on endpoint.microsoft.com on login. Anything I am missing here ?
@Rookie{} you will also need to assign Enteprise Application called "Microsoft Intune PowerShell" in Entra/AzureAD to the group you assigned customer role of Intune.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Rookie{, Thanks for posting in Q&A.
For the permission, Autopilot device management requires only that you enable all permissions under Enrollment programs, except for the four token management options.
https://video2.skills-academy.com/en-us/mem/autopilot/add-devices#required-permissions
From your description, I notice the permission has been granted. But it is not working. Based as i know RBAC permission has some delay. You can add Role read permission and check under My permission to double confirm if the permission has gotten. If not, wait 1 to 2 days to see if the permission can be applied.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Rookie{, Hope things are going well. I am writing to see if the RBAC is working now. If there's any update, feel free to let us know.