This one landed in Microsoft Intune in June 2020, but I've found many customers aren't aware of it, so I'm writing this up for reference. That's a shame too, because many customers have asked for this over the past few years. What I'm talking about is the capability to have your IT admins manage your Intune tenant without requiring each of those users to have their own Intune license. It's a fairly common scenario and Microsoft have now made it so that we can enable this. Note, however, that you cannot reverse this. Here's how to enable it.
First, log in to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com).
Select Tenant Administration, then select Roles.
Now select Administrator licensing.
Next, select the big button – Allow access to unlicensed admins.
Select Yes.
Now you can simply observe that the change has happened. It is perhaps a bit confusing, as you might expect something more, but this is now enabled.
From here, we need to ensure that an admin is assigned the appropriate role. We can do this either by browsing to the user or group that is assigned a role, or by browsing to the role itself and checking its assignments.
If you want to prove it, you are going to need a user who is assigned the Intune Administrator role or a similar administrative role. Then we can either revoke their existing Intune license or simply not assign them one in the first place. I created an example below.
My user Helen has no licenses assigned as we can see.
I have also assigned this user the role of Intune Administrator.
And Helen can still log in and perform admin tasks within the Microsoft Endpoint Manager admin center.
Hopefully that's useful for someone. I know it's especially useful in lab scenarios where you have limited licenses available to you.
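The same check can be made across the whole tenant instead of one user at a time. The script below is an added example, not part of the original post: it lists every member of the Intune Administrator role and shows whether they hold an Intune license. It assumes the Microsoft Graph PowerShell SDK is installed and that `INTUNE_A` is the service plan name that carries Intune entitlement in your tenant.

```powershell
# Added example: audit Intune Administrator role holders and their Intune licensing.
# Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph module).
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All'

$roleName = 'Intune Administrator'
# Assumption: service plan name(s) that grant Intune in this tenant; adjust as needed.
$intunePlans = @('INTUNE_A')

# A directory role is only listed once it has been activated (assigned at least once).
$role = Get-MgDirectoryRole -All | Where-Object DisplayName -eq $roleName
if (-not $role) { throw "Role '$roleName' is not activated in this tenant." }

$report = foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
    $type = $member.AdditionalProperties['@odata.type']

    if ($type -ne '#microsoft.graph.user') {
        # Groups and service principals can hold the role too; report them unresolved.
        [pscustomobject]@{ Principal = $member.Id; Type = $type; HasIntuneLicense = $null }
        continue
    }

    # Collect the service plans that are actually provisioned for this user.
    $plans = Get-MgUserLicenseDetail -UserId $member.Id -All |
        ForEach-Object { $_.ServicePlans } |
        Where-Object { $_.ProvisioningStatus -eq 'Success' }

    [pscustomobject]@{
        Principal        = $member.AdditionalProperties['userPrincipalName']
        Type             = 'user'
        HasIntuneLicense = [bool]($plans | Where-Object ServicePlanName -in $intunePlans)
    }
}

# Unlicensed admins sort to the top, which makes them easy to review.
$report | Sort-Object HasIntuneLicense | Format-Table -AutoSize
```

Because the setting cannot be reversed, a periodic run of a report like this is a simple way to keep track of which role holders rely on it.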
Official docs on this subject are available here – https://docs.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control
/Peter