Allow Unlicensed Admin to Access Intune

Let’s check the option to allow Unlicensed Admin to Access Intune. You can give administrators access to Microsoft Endpoint Manager without requiring an Intune license. This feature applies to any administrator, including Intune administrators, global administrators, Azure AD administrators, etc.

Users who sign in to the Microsoft Endpoint Manager admin center don’t require an Intune license. Their scope of access is defined by the roles assigned to them. Other features or services, such as those in Azure Active Directory (AD) Premium, may require a license for the administrator.

Intune supports up to 350 unlicensed admins per security group and only applies to direct members. Admins above this limit will experience unpredictable behavior. It can take up to 48 hours for access changes to take effect.

The Unlicensed admins option has been enabled by default on all accounts created after the Intune service release 2006. This is more useful when you have limited licenses available to you. Let’s see How Unlicensed Admin users can Perform Intune Admin Activities.

Patch My PC

Allow Unlicensed Admins to Access Intune

The following steps guide you to allow access to unlicensed admins using MEM Admin Center.

  • Sign in to the Endpoint Manager Intune portal https://endpoint.microsoft.com/
  • Navigate to Tenant administration > Roles.
Click on Roles - Allow Unlicensed Admin to Access Intune
Click on Roles – Allow Access Intune

Under Administrator Licensing, Click on Allow access to unlicensed admins that allow admins without an Intune license to access Intune.

Administrator Licensing - Allow access
Administrator Licensing – Allow access

A Prompt will appear “Allow access to unlicensed admins”. Clicking on Yes allows admins without an Intune license to access Intune.

Important – Once you enable the unlicensed administrators option. You can’t undo this setting after clicking Yes.

Adaptiva
Click on Yes to allow access
Click on Yes to allow access

Once you have enabled the access, you will see the message in Administrator Licensing –

All admins who do have licenses can access Intune. To revoke access from an unlicensed admin, remove them as a member from their Azure AD group assigned to Intune role.

Next, let’s review the assigned role for users of the admin group. For Example: Here, I moved to Users > Search for the user part of Intune Tenant > Selected User.

Navigate to the section “Assigned role”. Here you can validate the role of “Intune administrator”. If the user doesn’t have any role assigned, you can click on + Add assignments and assign the administrative role.

Intune Assigned Roles
Intune Assigned Roles

Click on Licenses. Here, you can see User has no licenses assigned.

Assigned Licenses
Assigned Licenses

The unlicensed admins should have access to MEM Admin Center if you don’t want to allow admins not to access Intune. You can remove the administrative role for the user.

Author

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.