Customer request:
I have set up 5 Entra groups in the portal that all point to a specific PMPC role. (Full Admin, Full Admin + Access Mgmt, Custom App Admin, Intune App Admin, Read-only Admin)
I was thinking that we could utilize PIM (Entra) in order to add our admins as eligible members of the related groups, so that we do not always have permissions activated. This worked well initially, but I noticed that we cannot combine permissions. For example, I had the idea of having the read-only permission as an active assignment for all of us admins, and then, once you needed to do anything, you would PIM the relevant role. However, it seems that the permissions are not "stacking": when "PIMing" into the Custom App Admin role, I would still only have read-only permissions.
The read-only thing was more of a "nice to have", though. However, we feel like we would always have to combine the roles of Custom App Admin + Intune App Admin, since a normal application packager here would require both of those permissions in order to work.