Let’s check the option to allow Unlicensed Admin to Access Intune. You can give administrators access to Microsoft Endpoint Manager without requiring an Intune license. This feature applies to any administrator, including Intune administrators, global administrators, Azure AD administrators, etc.
Users who sign in to the Microsoft Endpoint Manager admin center don’t require an Intune license. Their scope of access is defined by the roles assigned to them. Other features or services, such as those in Azure Active Directory (AD) Premium, may require a license for the administrator.
Intune supports up to 350 unlicensed admins per security group and only applies to direct members. Admins above this limit will experience unpredictable behavior. It can take up to 48 hours for access changes to take effect.
The Unlicensed admins option has been enabled by default on all accounts created after the Intune service release 2006. This is more useful when you have limited licenses available to you. Let’s see How Unlicensed Admin users can Perform Intune Admin Activities.
- IntuneWinAppUtil.exe Windows 11 Compatibility
- Duplicate Intune RBAC Roles | Endpoint Manager Roles
- Targeting Intune Win32 apps and PowerShell Scripts based on the Enrollment Date
Allow Unlicensed Admins to Access Intune
The following steps guide you to allow access to unlicensed admins using MEM Admin Center.
- Sign in to the Endpoint Manager Intune portal https://endpoint.microsoft.com/
- Navigate to Tenant administration > Roles.
Under Administrator Licensing, Click on Allow access to unlicensed admins that allow admins without an Intune license to access Intune.
A Prompt will appear “Allow access to unlicensed admins”. Clicking on Yes allows admins without an Intune license to access Intune.
Important – Once you enable the unlicensed administrators option. You can’t undo this setting after clicking Yes.
Once you have enabled the access, you will see the message in Administrator Licensing –
All admins who do have licenses can access Intune. To revoke access from an unlicensed admin, remove them as a member from their Azure AD group assigned to Intune role.
Next, let’s review the assigned role for users of the admin group. For Example: Here, I moved to Users > Search for the user part of Intune Tenant > Selected User.
Navigate to the section “Assigned role”. Here you can validate the role of “Intune administrator”. If the user doesn’t have any role assigned, you can click on + Add assignments and assign the administrative role.
Click on Licenses. Here, you can see User has no licenses assigned.
The unlicensed admins should have access to MEM Admin Center if you don’t want to allow admins not to access Intune. You can remove the administrative role for the user.