Professional Documents
Culture Documents
Synchronize
on-premises
users with
Azure AD
Add users
Microsoft and grant
and grant ErikjeMS erikje
Intune administrator
permissions
permissions
for your
Intune
subscription.
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 1/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
First name
Last name
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 2/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
Display name
User name - Universal principle name (UPN) stored in Azure Active Directory
used to access the service
Location
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 3/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
5. Assign an Intune license. Select Product licenses and choose the product license. A
license including Intune is required.
Name
User name - The new name in Azure Active Directory portal
Choose OK to continue.
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 5/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
5. Select Profile, and then choose a Usage location for the new user. Usage location
is required before you can assign the new user an Intune license. Choose Save to
continue.
6. Select Licenses and then choose Assign to assign an Intune license for this user. An
Intune license is required to enroll devices or access company resources. Select
Products, choose the license type, choose Select, and then choose Assign.
After you've added users to your Intune subscription, we recommend that you grant a
few users administrative permission. To grant admin permissions, follow these steps:
1. Sign in to the Microsoft 365 admin center with a global administrator account.
3. In the Admin center, choose Active users and then choose the user to give admin
permissions.
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 7/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
5. Choose the admin permission to grant from the list of available roles.
6. Choose Save.
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 8/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
4. Choose Save.
Types of administrators
Assign users one or more administrator permissions. These permissions define the
administrative scope for users and the tasks they can manage. Administrator
permissions are common between the different Microsoft cloud services, and some
services might not support some permissions. Both the Azure portal and Microsoft 365
admin center list limited administrator roles that are not used by Intune. Intune
administrator permissions include the following options:
Global administrator - (Office 365 and Intune) Accesses all administrative features
in Intune. By default the person who signs up for Intune becomes a Global admin.
Global admins are the only admins who can assign other admin roles. You can have
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 9/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
The account you use to create your Microsoft Intune subscription is a global
administrator. As a best practice, do not use a global administrator for day-to-day
management tasks. While an administrator does not require an Intune license to access
the Intune on Azure portal, in order to perform certain management tasks, such as
setting up the Exchange service Connector, an Intune license is required.
To access the Microsoft 365 admin center, your account must have a Sign-in allowed
set. In the Azure portal under Profile, set Block sign in to No to allow access. This status
is different from having a license to the subscription. By default, all user accounts are
Allowed. Users without administrator permissions can use the Microsoft 365 admin
center to reset Intune passwords.
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 10/11
05/09/2023 20:54 IntuneDocs/intune/fundamentals/users-add.md at main · MicrosoftDocs/IntuneDocs · GitHub
The only tool that you need to synchronize your user accounts with Azure AD is the
Azure AD Connect wizard. The Azure AD Connect wizard provides a simplified and
guided experience for connecting your on-premises identity infrastructure to the cloud.
Choose your topology and needs (single or multiple directories, password hash sync,
pass-through authentication, or federation). The wizard deploys and configures all
components required to get your connection up and running. Including: sync services,
Active Directory Federation Services (AD FS), and the Azure AD PowerShell module.
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/fundamentals/users-add.md 11/11