Microsoft Intune offers a powerful mobile device management and security platform, and to further enhance its capabilities, Microsoft has introduced Multiple Administrative Approval.
This feature provides an additional layer of security by requiring approval from another before any modifications to apps and scripts can be implemented. This is especially useful in preventing unauthorized and (potentially malicious) changes to your Intune environment.
In this demo, I will demonstrate how to set up Multiple Administrative Approval for apps. However, it’s important to note that the same process applies to scripts as well.
- Open https://intune.microsoft.com
- Create a new security group, for example, an Azure AD group named ‘AAD-Multi-Approval-Apps’. Members of this group will be authorized to approve app changes. We will link this group to the policy later.
- Open on the left-side of the screen to Tenant Administraton – Multi Admin Approval
- Open Access policies – Create
- Fill in a descriptive name such as Multi Approval – Apps and choose profile type Apps
- Choose the approvers security group and choose Create
How does it work?
Let’s now take a look at what it looks like when adding a new App.
- Open on the left-side of the screen Apps and choose All Apps
- In this case, I’m going to add the Company Portal app. At the bottom of the screen when adding the app, you’ll see that a reason needs to be provided and the request for approval can be submitted.
- As you can see, the app has been added to Intune, but it is awaiting approval before being pushed to the workstations. The request can also be seen in the multi-admin approval screen.
- If you’re logged in as a user who belongs to the approval group, you can now proceed to approve the application.
Thank you for taking the time to read my blog. Kindly share it with others if you find it helpful!