There are several components used to manage departmental access to UGA's Microsoft Intune tenant. Basic access information, role definitions, and examples are provided below.
Intune Administrator: Each department should have a designated individual to serve as an Intune Administrator. This individual will receive a UGAMail z-account to manage Intune access for their department.
Example: z-myid@uga.edu
Admin Group: When a department is onboarded to Intune, an Admin Group will be created as a way to identify and manage the overall department in Intune. The Intune Administrator for that department will be assigned as the owner. This group is also added to MDM (Mobile Device Management) for Intune.
Example: EITS-UGAMail Intune Admins
If changes need to be made to ownership of the Admin Group, please submit a Microsoft Intune Support Request.
Azure AD Group: Departments provide the initial population for their Faculty/Staff and Student Azure AD groups during the onboarding process. These Azure AD groups are licensed for Intune so that their group members can login to their devices in Intune.
Example: CAES-Students or CAES-Faculty-Staff
After these groups are initially populated in the onboarding process, Intune Administrators will have the ability to manage these groups going forward.
Scope Tags: Azure AD Groups are added to Scope Tags, which are used to manage Intune objects and content that those groups are allowed to access. EITS personnel will allocate standard objects and content
Example: EITS-CTS
If changes need to be made to the objects and content in the Scope Tag, please submit a Microsoft Intune Support Request.