Who can run Intune identifier operations?
What roles typically need to be assigned to perform Intune identifier checks and imports, and how to validate access.
Even with the right Graph permissions, the signed-in user may need an appropriate Intune administrative role.
If access fails, verify role assignments and ensure the tenant has granted the needed permissions.
Key points
- Confirm Intune role assignment
- Verify tenant permissions/consent
- Test with a dedicated admin account
Related guides
Device label photo capture tips for accurate serials
Practical tips to take clearer device label photos so serial numbers extract reliably and registration stays fast.
Handle missing or duplicate serial numbers
How to deal with devices that have missing labels, unreadable serials, or duplicate serial entries in your inventory.
Error handling and retries for Graph operations
Design retries carefully: respect Retry-After, avoid duplicate submissions, and surface clear progress to admins.
Corporate-owned recognition in Intune: practical notes
How corporate identifiers can help with corporate-owned recognition, and what to verify when behavior differs from expectations.
Reconciling Intune and your internal inventory
How to reconcile differences between your internal inventory and Intune state: mismatches, missing devices, and duplicates.
Skip existing identifiers during Intune import
Learn when skipping existing identifiers is appropriate and how to report what was skipped vs uploaded.
This guide is informational. If you’re using Intune features, ensure you have the right tenant permissions and administrator consent where required.