Role based administration is used to secure the access that is needed to administer SCCM. You also secure access to the objects that you manage, like collections, deployments, and sites but lacks a couple of roles to be complete. For example, there’s no built-in role for report administration or report viewer. We already covered the report viewer role in a previous post. This role give access to your users to consult and run SCCM Reports on the SSRS website. But what if you want to give access to an administrator to create, modify and upload reports without giving them access to the SCCM console ? This post will describe how to create SCCM Report Administrator Role which will fulfill this need. How to Create SCCM Report Administrator Role The first step is to create a Report Users role Once created, go to Administration \ Security \ Security Roles Right-click Report … Read More
How to Strengthen Security for Intune with RBAC in SCCM
The majority of companies use SCCM to manage laptops, computers, servers and some for mobile devices, if they use Microsoft Intune in hybrid mode. In some situations, Intune and SCCM management is done by 2 different teams. Except for the Full Administrator role in SCCM, it’s possible to separate Intune with Configuration Manager infrastructure in the console by using security roles and security groups (RBAC). The goal is to ensure that an Intune administrator does not access Configuration Manager client devices and objects, as you don’t want to end up with people who may wipes or manages mobile devices when they are supposed to be only Configuration Manager admins. This post will explain how to strengthen security and separate Intune with Configuration Manager infrastructure in SCCM console. Create Devices Collection for Intune Client The first thing to do is create a device collection that targets Intune clients. There’s two ways to create … Read More
How to Start Securing ConfigMgr in the Enterprise
As an IT professional, you already know that a security breach can be devastating. It can also be expensive, $4 million on average according to a 2015 survey sponsored by IBM. Microsoft System Center Configuration Manager (ConfigMgr) can play a huge part in preventing attacks and implementing an enterprise-wide security solution. ConfigMgr helps companies make sure all endpoints are current with the latest security fixes, configured correctly, behaving normally, and only running authorized applications. However, like almost everything else in IT these days, ConfigMgr itself is a target for hackers who can use it to distribute malware, take control of computers with access to private data, and engage in all manner of nefarious activity. According to a recent Adaptiva survey of more than 150 IT professionals, 70 percent expressed concern about potential security vulnerabilities in their Microsoft ConfigMgr environments. Securing the perimeter of your company’s network is usually the … Read More