Intune – You can now use multiple administrator approval for administration task (preview)

When performing Intune administration tasks, there are tasks – for example application updates – which may require a second view before being deployed and applied.

You can now request a second approval step when performing some administrative tasks.

During this preview, the multiple approval workflow applies only to:

  • Application – applies to application deployment but not the application protection policies
  • Script – applies to deploy script to Windows or macOS devices

To implement the multiple approval workflow you first need to create the workflow to define the approvers and the target type.

NOTE during the preview, there is no notification being sent

To create the workflow, connect to your Intune administration portal (https://endpoint.microsoft.com/) and access the Tenant administration\Multi Admin Approval blade to create the Access policies

You need to be granted either Global Administrator or Intune Service Administrator role

image

When creating the policy, you can choose the profile type (script or application) and the approvers (user group); you can add multiple groups when configuring the approvers

image

Once you have created the access policy, you can then follow the usual process to deploy or edit the supported resource (application or script)

At the last step Review+save, you will get a banner notifying an approval is required and you need to provide a justification; you can not save the change until you have provided the justification

image  image

The new/edited resource is now showing a blue/information banner indicating a change has been made but requires an administrator approval

image

When clicking on this banner, you can see the change and cancel the request if needed; the ‘title’ is the justification provided when submitting the change

You can not process the request from this blade

image

To review and approve administrators need to access the Tenant administration\Multi Admin Approval blade to review the change requests, view and manage their own requests

image  image

An administrator can not approve its own request

NOTE seems during the preview the change request are expiring very quickly (about 30 minutes)

Leave a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.