Starting on April 11, 2024, or soon after, we are updating the requirements for configuring Enrollment device platform restrictions. Admins will be required to have the ‘Intune Service Administrator’ role-based access control (RBAC) permission to update this policy.
How this will affect your organization:
Admins managing these policies will be required to have the ‘Intune Service Administrator’ RBAC permission to update the Enrollment device platform restrictions. (Devices > Enrollment > Device platform restriction). If they do not have this permission, these policies will be read-only.
What you need to do to prepare:
Review your RBAC assignments and update as needed to allow admins permission to update the device platform restriction policy.
Additional information:
Create device platform restrictions - Microsoft Intune | Microsoft Learn
Role-based access control (RBAC) with Microsoft Intune