MT.1103 - Intune RBAC groups should be protected by Restricted Management Administrative Units or Role Assignable groups
Overviewβ
This test checks whether Intune RBAC groups are protected either via Entra Restricted Management Administrative Unit or Role Assignable group.
Remediation actionβ
- Add unprotected Entra security groups to a Restricted Management Administrative Unit
Additional information:
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | MT.1103 |
| Severity | High |
| Suite | Maester |
| Category | Intune |
| PowerShell test | Test-MtIntuneRbacGroupsProtected |
| Tags | Intune, Maester, MT.1103 |
Sourceβ
- Pester test:
tests/Maester/Intune/Test-MtIntunePlatform.Tests.ps1 - PowerShell source:
powershell/public/maester/intune/Test-MtIntuneRbacGroupsProtected.ps1