005: Scope Groups
Implementation Effort: Medium – IT and Security Operations teams may need to create new users and devices groups to be used for RBAC controls.
User Impact: Low - No end user impact.
Overview
In Microsoft Intune, scope groups are security groups that help manage access and visibility to Intune objects. Here’s how they work:
Scope (Groups): These groups contain users or devices. Admins in a role assignment are limited to performing operations on these groups. For example, you can deploy a policy or application to a specific user or remotely lock a device based on the scope group .
Scope (Tags): These determine which objects admins can see. For instance, you can create a scope tag called “Seattle” for Seattle regional office admins. They’ll manage profiles and policies specific to Seattle devices.