Hello,
I am new to Intune.
I have 2 questions that I think are tied together to something I'm missing or didn't find good documentation on.
A little background: I work for a company with offices and IT teams split between several locations.
All offices use the same Azure tenant. Some offices are using on-prem AD synced with the tenant by AD Connect, others are using fully Azure AD identity management.
We plan to join the Windows devices of all offices to Azure AD and manage them using Intune (MEM?). Those that have AD on-prem will join devices as hybrid by GPO, others will use provisioning packages.
We also want to be able to give each office RBAC to enable them to see and manage only their devices and policies.
I've followed MS docs to manage RBAC with scope tags and it's working fine, but for now when I (or anyone else) enroll a new Windows device, the device gets only the default scope tag. How can I apply different scope tags based on which users enroll devices? Are there any other ways to do it?
Which leads me to my second question: the Windows Company Portal store app
- What is it needed for, exactly?
- Can I have the Company Portal store app apply the scope tag automatically depending on which user is logged in?
- How does that work with hybrid join / provisioning packages?
Thanks for reading