When performing Intune administration tasks, there are tasks – for example application updates – which may require a second view before being deployed and applied.
You can now request a second approval step when performing some administrative tasks.
During this preview, the multiple approval workflow applies only to:
- Application – applies to application deployment but not the application protection policies
- Script – applies to deploy script to Windows or macOS devices
To implement the multiple approval workflow you first need to create the workflow to define the approvers and the target type.
NOTE during the preview, there is no notification being sent
To create the workflow, connect to your Intune administration portal (https://endpoint.microsoft.com/) and access the Tenant administration\Multi Admin Approval blade to create the Access policies
You need to be granted either Global Administrator or Intune Service Administrator role
When creating the policy, you can choose the profile type (script or application) and the approvers (user group); you can add multiple groups when configuring the approvers
Once you have created the access policy, you can then follow the usual process to deploy or edit the supported resource (application or script)
At the last step Review+save, you will get a banner notifying an approval is required and you need to provide a justification; you can not save the change until you have provided the justification
The new/edited resource is now showing a blue/information banner indicating a change has been made but requires an administrator approval
When clicking on this banner, you can see the change and cancel the request if needed; the ‘title’ is the justification provided when submitting the change
You can not process the request from this blade
To review and approve administrators need to access the Tenant administration\Multi Admin Approval blade to review the change requests, view and manage their own requests
An administrator can not approve its own request
NOTE seems during the preview the change request are expiring very quickly (about 30 minutes)