How to Configure Multiple Admin Approvals In Intune

In this post, you’ll learn how to configure multiple admin approvals in Intune. You can use the access policies to require multiple administrative approvals (MAAs) over Intune resources.

We will go through the process step-by-step to understand what multiple admin approvals in Intune are, who can create and approve MAA policies in Intune, how to create an access policy, submit a request, and get an approval.

Multiple Admin Approvals is a new feature introduced in the Microsoft Intune November (2211) service release. With MAA, you configure access policies that protect specific configurations, like apps or scripts for devices. This feature is currently in public preview. You can try out this new feature in your Intune tenant and let Microsoft know what you think. The general availability of this feature will be announced by Microsoft soon.

If you are using Configuration Manager, you can approve application requests for users and approve SCCM application requests via email. Multiple Admin Approvals is Intune is more advanced and offers way more features.


https://forum.parole-et-resilience.fr/thread-2438.html

https://vynuogininkuforumas.lt/showthread.php?tid=8768

https://forum.usa55holes.com/showthread.php?tid=7741

https://mcmon.ru/showthread.php?tid=2229

https://ordemdospsicologos.org/forum/showthread.php?tid=1761

https://zinaramirez.com/mybb/thread-2491.html

http://forum.icohaberleri.com/showthread.php?tid=60

https://socalireefer.com/forum/showthread.php?tid=7719

https://tnterci.com.br/mybb/showthread.php?tid=8942

https://remont.biz.pl/forum/thread-141233.html

https://forum.resmihat.kz/viewtopic.php?t=76128

https://forum.resmihat.kz/viewtopic.php?t=215487

https://forum.resmihat.kz/viewtopic.php?t=64823

https://www.darkquarterer.it/forum/viewtopic.php?t=251050

https://www.darkquarterer.it/forum/viewtopic.php?t=241912

https://www.darkquarterer.it/forum/viewtopic.php?t=251792

https://denniss.forum2go.nl/viewtopic.php?t=21088

https://denniss.forum2go.nl/viewtopic.php?t=56919

https://denniss.forum2go.nl/viewtopic.php?t=34701


Table of Contents

  • What is Multiple Administrative Approval (MAA)?
  • Who can Create and Approve Requests?
  • How to Configure Multiple Admin Approvals In Intune
  • Step 1: Create Access Policy for MAA in Intune
  • Step 2: Submit a Request
  • Step 3: Approve Requests
  • Step 4: Monitor the Status of your Requests
  • Intune Multiple Administrator Approval Statuses
  • Conclusion


What is Multiple Administrative Approval (MAA)?

To help protect against a compromised administrative account, use Intune access policies to require that a second administrative account is used to approve a change before the change is applied. This capability is known as multiple administrative approval (MAA).

You can set up access policies with MAA to safeguard particular device configurations like apps or scripts. What is protected and which group of accounts is allowed to approve modifications to those resources are both specified by access policies.

When an access policy-protected resource is changed by any account in the Tenant, Intune won’t make the change effective until a different account explicitly approves it. Changes can only be approved by administrators who are a part of an approval group that has been given a protected resource by an access protection policy. Change requests may also be rejected by approvers.


Currently, the access policies in Intune are supported only for the following resources:

  • Apps: Applies to app deployments, but doesn’t apply to app protection policies.
  • Scripts: Applies to deploying scripts to devices that run macOS or Windows.






















Who can Create and Approve Requests?

To create an MAA access policy, the account must be assigned the Intune Service Administrator or Azure Global Administrator role. Only these two roles have the permissions to create MAA policies in Intune.

To approve MAA policies, an account must be in the group that’s assigned to the access policy for a specific type of resource. Ensure the user is part of the group that can approve requests before you test the admin approvals in Intune.


How to Configure Multiple Admin Approvals In Intune

We will now go through the steps to configure multiple admin approvals in Intune. There are many steps involved in getting Multiple Administrative Approvals to work. We will go through each step and understand how to configure the admin approvals in Intune.


Step 1: Create Access Policy for MAA in Intune


Perform the following steps to create an access policy for multiple administrative approvals in Intune:

  • Launch the browser and sign-in to the Intune Portal.
  • Go to Tenant administration > Multi Admin Administration > Access policies and select Create.


On the Basics page, provide a Name, and optional Description. For the Profile type, there are two options available: Apps and Scripts. Select Apps from the available options. Each policy supports a single profile type. Click Next.

On the Approvers page, select Add groups and then select a group as the group of approvers for this policy. More complex configurations that exclude groups aren’t supported. Click Next.

On the Review + Create page, review the access policy, and then save your changes. After this policy is applied by Intune, configurations for the protected profile type will need approval from more than one admin.

A message stating that multiple admin approvals were successfully created can be seen in the console’s upper-right corner. All the access policies that you have created will appear under the Tenant Admin > Multiple Admin Approval blade of the Intune console.


https://mmpulawy.sugester.pl/313973-Rozklad-jazdy-MZK?order=popular

http://www.hertha03-fz2.de/phpBB3/viewtopic.php?f=9&t=167881&p=272686

http://www.hertha03-fz2.de/phpBB3/viewtopic.php?f=9&p=272261

http://www.hertha03-fz2.de/phpBB3/viewtopic.php?p=307

http://www.hertha03-fz2.de/phpBB3/viewtopic.php?f=3&p=249411

http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=20&p=731410

http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=8&t=233523

http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=12&t=71654&start=0

http://www.gartenwelt-oppl.at/forum/viewtopic.php?f=8&t=23700

https://casualvalueinvestor.com/forum/index.php?topic=128230.0

https://casualvalueinvestor.com/forum/index.php?topic=119356.0

https://casualvalueinvestor.com/forum/index.php?topic=118697.0

https://casualvalueinvestor.com/forum/index.php?topic=124998.0

http://www.skillcoach.org/forums/topic/81095/is-verizon-email-not-working-though-you-ensure-basic-treatments/view/post_id/138757

http://www.skillcoach.org/forums/topic/81066/digitizing-services-for-embroidery

http://www.skillcoach.org/forums/topic/81078/epson-printer-not-connecting-to-wifi-network

https://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?f=8&t=611329

http://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?t=362359

http://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?t=4

http://forum.saintbrieuc-parlonsnous.fr/viewtopic.php?t=514842


Step 2: Submit a Request

After the access policy for MAA has been created, it gets into action immediately. When an admin edits or creates a new object for an area that’s protected by an access policy, they see an option on the Save + Review surface where they can enter a description of the change as a business justification.

When the apps are protected by an access policy, any changes introduced to the existing apps or add new apps will require business justification. The requester can add additional notes as to what changes were made and why. Only after adding the business justification, the approver can approve the request or reject it.

To test this, you can either add a new app into Intune or edit any existing apps and make some changes. For example, you may modify the application description, add/remove the assignments etc. After you have made the changes to the app, click Review+Save.

The requester now sees the following message “Before this resource can be updated, it must be approved by another admin. Before you can submit this request, you must enter your business justification.“

On the final page before you can save your changes, add details to the Business justification field and then submit the request. After adding the business justification, click Save.

The admin who submitted the request now sees a notification in the Intune console “Change request submitted” confirming that the request for approval is submitted.


Step 3: Approve Requests

After the admin has submitted the change request, it’s time for approving the request. Here are the steps that you need to follow to find requests to approve

In the Microsoft Endpoint Manager admin center go to Tenant administration > Multi Admin Administration > Received requests. Select the Business justification link for a request to open the review page where you can learn more about the request, and manage approval or rejection.

Comments

Post a Comment

Popular posts from this blog

The 10 Best Apartment Websites of 2019

Condo discoverer sites are prospering, with most destinations joined by Android and iOS applications for in a hurry get to. To abstain from passing up key highlights, be that as it may, it's ideal to concentrate on the sites themselves. Here's are the ten best sites to discover lofts, regardless of whether its a studio or a shabby 2 room. 1.Hotpads: Most Feature-Packed Apartment Finder  Naturally, this component rich site gives you a guide of the zone, with a rundown see close by. In the guide see, you select symbols of structures to see subtleties and photographs of explicit loft postings. Photographs additionally incorporate Google Street View. Worked in inquiry channels incorporate condo, value run, number of office setup showers, rental sorts, and property types. You can choose from rental kinds, for example, customary, sublet, corporate, and space for lease, just as from property types, for example, loft, apartment suite, duplex, house, and townhouse. On the of
Read more

The 10 Best Sites for Free Stock Images

On the off chance that you need to download free stock pictures to add to your site, blog, social profiles or whatever else, you need to realize where to search for them on the web. The best destinations have enormous libraries of astounding pictures in each classification conceivable that you can use for essentially anything by any stretch of the imagination—without expecting to give attribution on the off chance that you'd favor not. We scoured the web to locate the most elite. Examine the accompanying rundown with the expectation of complimentary stock photographs that will overwhelm you. 1.Unsplash: Crowdsourced Photos from Photograpehrs Around the World  Unsplash is a notable top choice, highlighting probably the most expert looking photography you'll discover anyplace on the web. The majority of its photographs originate from the liberal picture takers who give them to the network to use for nothing, no attribution fundamental (however valued). You can make your
Read more

ConfigMgr 2212 Technical Preview Update Details

There will be no ConfigMgr 2212 Technical Preview release. Yes, you heard it right: Microsoft skipped the 2212 technical preview release, and the next TP release will be version 2301. Typically, Microsoft releases a technical preview version every single month of the year. In the past, we also saw two technical preview releases in a month. But for the first time ever, there won’t be a technical preview release. On this blog, I have been covered the installation and new features all the versions of technical preview that have been released so far. Did you know that there have been 97 technical preview versions released by Microsoft so far? The two previous technical preview releases were TP 2211 and TP 2210 and version 2212 was expected in the month of December 2022. Here is an updated guide consisting of all the SCCM technical preview releases. https://www.tnfnorth.com/viewtopic.php?t=2830 http://tnfnorth.com/viewtopic.php?t=7189 http://tnfnorth.com/viewtopic.php?t=155931 https://tnfno
Read more