Message Center

MC1034571Plan for Change: Intune Service Administrator role will be required for device limit restrictions

This announcement expired on May 31, 2025 and is no longer active in Message Center.

Summary

Starting mid-May 2025, the Intune Service Administrator role will be required to configure device limit enrollment restrictions. Admins without this role will have read-only access. Review and update RBAC assignments to ensure proper permissions.

More information

Updated April 1, 2025: We have updated the rollout timeline below. Thank you for your patience.

Beginning mid-May 2025 (previously mid-April), or soon after, admins will be required to have the ‘Intune Service Administrator’ role-based access control (RBAC) permission to configure device limit enrollment restrictions policy.

How this will affect your organization:

Admins managing these policies will be required to have the ‘Intune Service Administrator’ RBAC permission to update the device limit enrollment restrictions policy. (Devices > Enroll devices > Device limit restrictions). If they do not have this permission, these policies will be read-only.

What you need to do to prepare:

Review your RBAC assignments and update as needed to allow admins permission to update device limit restrictions.

Additional information:

Create device limit restrictions - Microsoft Intune | Microsoft Learn

Role-based access control (RBAC) with Microsoft Intune

Version history

2 versions tracked

Updated 1 time since Mar 17, 2025. Microsoft 365 Message Center only shows the current version; this archive preserves tracked history.

Compare latest to previous (v1)

Compare any two versions

From

Apr 1, 2025 - 07:04 PMLatest - v2
Changed: Body, Tags
Mar 17, 2025 - 11:49 PMOriginal - v1
Changed: Initial version
View this version Compare to latest