MC1034571 - Plan for Change: Intune Service Administrator role will be required for device limit restrictions

Updated April 1, 2025: We have updated the rollout timeline below. Thank you for your patience.

Beginning mid-May 2025 (previously mid-April), or soon after, admins will be required to have the ‘Intune Service Administrator’ role-based access control (RBAC) permission to configure device limit enrollment restrictions policy.

How this will affect your organization:

Admins managing these policies will be required to have the ‘Intune Service Administrator’ RBAC permission to update the device limit enrollment restrictions policy. (Devices > Enroll devices > Device limit restrictions). If they do not have this permission, these policies will be read-only.

What you need to do to prepare:

Review your RBAC assignments and update as needed to allow admins permission to update device limit restrictions.

Additional information:

Create device limit restrictions - Microsoft Intune | Microsoft Learn

Role-based access control (RBAC) with Microsoft Intune