跳到主要內容

005: Scope Groups

Implementation Effort: Medium – IT and Security Operations teams may need to create new users and devices groups to be used for RBAC controls.

User Impact: Low - No end user impact.

Overview

In Microsoft Intune, scope groups are security groups that help manage access and visibility to Intune objects. Here’s how they work:

Scope (Groups): These groups contain users or devices. Admins in a role assignment are limited to performing operations on these groups. For example, you can deploy a policy or application to a specific user or remotely lock a device based on the scope group .

Scope (Tags): These determine which objects admins can see. For instance, you can create a scope tag called “Seattle” for Seattle regional office admins. They’ll manage profiles and policies specific to Seattle devices.

Reference