Published Mar 17, 2025
Starting mid-May 2025, the Intune Service Administrator role will be required to configure device limit enrollment restrictions. Admins without this role will have read-only access. Review and update RBAC assignments to ensure proper permissions.
Updated April 1, 2025: We have updated the rollout timeline below. Thank you for your patience.
Beginning mid-May 2025 (previously mid-April), or soon after, admins will be required to have the ‘Intune Service Administrator’ role-based access control (RBAC) permission to configure device limit enrollment restrictions policy.
How this will affect your organization:
Admins managing these policies will be required to have the ‘Intune Service Administrator’ RBAC permission to update the device limit enrollment restrictions policy. (Devices > Enroll devices > Device limit restrictions). If they do not have this permission, these policies will be read-only.
What you need to do to prepare:
Review your RBAC assignments and update as needed to allow admins permission to update device limit restrictions.
Additional information:
Create device limit restrictions - Microsoft Intune | Microsoft Learn
Role-based access control (RBAC) with Microsoft Intune