I'm curious about how organizations manage their multi-admin approval process in Intune. After some recent incidents, it's evident that having robust approval workflows is crucial. I've seen videos explaining the mechanics, but I'm interested in practical insights. Who do you typically include in your approver group? Our help desk regularly wipes devices and sometimes works on endpoints, so I'm trying to figure out how to maintain quick operational responses while still allowing for proper approvals. Can the help desk itself be part of the approver group, and if so, does that mean two members are needed for a request approval?
4 Answers
I agree that the approver setup needs to balance speed and security. We have our help desk as the approver group for efficiency. However, if there’s an attack, having multiple compromised accounts can make it tricky. Ensure you have PIM for your admin roles to mitigate risks.
I recently filed a design change request suggesting a threshold for the number of device wipes that can happen without requiring approval. The current process can be a bit too rigid. It would be great to implement something that allows a certain number of wipes in a timeframe without always needing double approval.
It's really important to ensure your Global Admin and Intune admin accounts are secure. If those accounts get compromised, a multi-admin approval won't matter much. Consider using Privileged Identity Management (PIM) so that permissions are only active when needed. This could provide better security during emergencies.
Yes, you're correct! You can definitely involve your help desk team in the approver group, and it works well since any two members can approve requests. This setup helps keep things moving quickly, especially during those urgent wipe scenarios.
