How to Configure Multiple Admin Approvals In Intune
In this post, you’ll learn how to configure multiple admin approvals in Intune. You can use the access policies to require multiple administrative approvals (MAAs) over Intune resources.
We will go through the process step-by-step to understand what multiple admin approvals in Intune are, who can create and approve MAA policies in Intune, how to create an access policy, submit a request, and get an approval.
Multiple Admin Approvals is a new feature introduced in the Microsoft Intune November (2211) service release. With MAA, you configure access policies that protect specific configurations, like apps or scripts for devices. This feature is currently in public preview. You can try out this new feature in your Intune tenant and let Microsoft know what you think. The general availability of this feature will be announced by Microsoft soon.
If you are using Configuration Manager, you can approve application requests for users and approve SCCM application requests via email. Multiple Admin Approvals is Intune is more advanced and offers way more features.
https://forum.parole-et-resilience.fr/thread-2438.html
https://vynuogininkuforumas.lt/showthread.php?tid=8768
https://forum.usa55holes.com/showthread.php?tid=7741
https://mcmon.ru/showthread.php?tid=2229
https://ordemdospsicologos.org/forum/showthread.php?tid=1761
https://zinaramirez.com/mybb/thread-2491.html
http://forum.icohaberleri.com/showthread.php?tid=60
https://socalireefer.com/forum/showthread.php?tid=7719
https://tnterci.com.br/mybb/showthread.php?tid=8942
https://remont.biz.pl/forum/thread-141233.html
https://forum.resmihat.kz/viewtopic.php?t=76128
https://forum.resmihat.kz/viewtopic.php?t=215487
https://forum.resmihat.kz/viewtopic.php?t=64823
https://www.darkquarterer.it/forum/viewtopic.php?t=251050
https://www.darkquarterer.it/forum/viewtopic.php?t=241912
https://www.darkquarterer.it/forum/viewtopic.php?t=251792
https://denniss.forum2go.nl/viewtopic.php?t=21088
https://denniss.forum2go.nl/viewtopic.php?t=56919
https://denniss.forum2go.nl/viewtopic.php?t=34701
Table of Contents
- What is Multiple Administrative Approval (MAA)?
- Who can Create and Approve Requests?
- How to Configure Multiple Admin Approvals In Intune
- Step 1: Create Access Policy for MAA in Intune
- Step 2: Submit a Request
- Step 3: Approve Requests
- Step 4: Monitor the Status of your Requests
- Intune Multiple Administrator Approval Statuses
- Conclusion
What is Multiple Administrative Approval (MAA)?
To help protect against a compromised administrative account, use Intune access policies to require that a second administrative account is used to approve a change before the change is applied. This capability is known as multiple administrative approval (MAA).
You can set up access policies with MAA to safeguard particular device configurations like apps or scripts. What is protected and which group of accounts is allowed to approve modifications to those resources are both specified by access policies.
When an access policy-protected resource is changed by any account in the Tenant, Intune won’t make the change effective until a different account explicitly approves it. Changes can only be approved by administrators who are a part of an approval group that has been given a protected resource by an access protection policy. Change requests may also be rejected by approvers.
Currently, the access policies in Intune are supported only for the following resources:
- Apps: Applies to app deployments, but doesn’t apply to app protection policies.
- Scripts: Applies to deploying scripts to devices that run macOS or Windows.
Who can Create and Approve Requests?
To create an MAA access policy, the account must be assigned the Intune Service Administrator or Azure Global Administrator role. Only these two roles have the permissions to create MAA policies in Intune.
To approve MAA policies, an account must be in the group that’s assigned to the access policy for a specific type of resource. Ensure the user is part of the group that can approve requests before you test the admin approvals in Intune.
How to Configure Multiple Admin Approvals In Intune
We will now go through the steps to configure multiple admin approvals in Intune. There are many steps involved in getting Multiple Administrative Approvals to work. We will go through each step and understand how to configure the admin approvals in Intune.
Step 1: Create Access Policy for MAA in Intune
Perform the following steps to create an access policy for multiple administrative approvals in Intune:
- Launch the browser and sign-in to the Intune Portal.
- Go to Tenant administration > Multi Admin Administration > Access policies and select Create.
On the Basics page, provide a Name, and optional Description. For the Profile type, there are two options available: Apps and Scripts. Select Apps from the available options. Each policy supports a single profile type. Click Next.
On the Approvers page, select Add groups and then select a group as the group of approvers for this policy. More complex configurations that exclude groups aren’t supported. Click Next.
On the Review + Create page, review the access policy, and then save your changes. After this policy is applied by Intune, configurations for the protected profile type will need approval from more than one admin.
A message stating that multiple admin approvals were successfully created can be seen in the console’s upper-right corner. All the access policies that you have created will appear under the Tenant Admin > Multiple Admin Approval blade of the Intune console.
https://mmpulawy.sugester.pl/313973-Rozklad-jazdy-MZK?order=popular
http://www.hertha03-fz2.de/phpBB3/viewtopic.php?f=9&t=167881&p=272686
http://www.hertha03-fz2.de/phpBB3/viewtopic.php?f=9&p=272261
http://www.hertha03-fz2.de/phpBB3/viewtopic.php?p=307
http://www.hertha03-fz2.de/phpBB3/viewtopic.php?f=3&p=249411
http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=20&p=731410
http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=8&t=233523
http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=12&t=71654&start=0
http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=8&t=23700
https://casualvalueinvestor.com/forum/index.php?topic=128230.0
https://casualvalueinvestor.com/forum/index.php?topic=119356.0
https://casualvalueinvestor.com/forum/index.php?topic=118697.0
https://casualvalueinvestor.com/forum/index.php?topic=124998.0
http://www.skillcoach.org/forums/topic/81066/digitizing-services-for-embroidery
http://www.skillcoach.org/forums/topic/81078/epson-printer-not-connecting-to-wifi-network
https://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?f=8&t=611329
http://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?t=362359
http://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?t=4
http://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?t=514842
Step 2: Submit a Request
After the access policy for MAA has been created, it gets into action immediately. When an admin edits or creates a new object for an area that’s protected by an access policy, they see an option on the Save + Review surface where they can enter a description of the change as a business justification.
When the apps are protected by an access policy, any changes introduced to the existing apps or add new apps will require business justification. The requester can add additional notes as to what changes were made and why. Only after adding the business justification, the approver can approve the request or reject it.
To test this, you can either add a new app into Intune or edit any existing apps and make some changes. For example, you may modify the application description, add/remove the assignments etc. After you have made the changes to the app, click Review+Save.
The requester now sees the following message “Before this resource can be updated, it must be approved by another admin. Before you can submit this request, you must enter your business justification.“
On the final page before you can save your changes, add details to the Business justification field and then submit the request. After adding the business justification, click Save.
The admin who submitted the request now sees a notification in the Intune console “Change request submitted” confirming that the request for approval is submitted.
Step 3: Approve Requests
After the admin has submitted the change request, it’s time for approving the request. Here are the steps that you need to follow to find requests to approve
In the Microsoft Endpoint Manager admin center go to Tenant administration > Multi Admin Administration > Received requests. Select the Business justification link for a request to open the review page where you can learn more about the request, and manage approval or rejection.
Comments
Post a Comment