MT.1096 - Intune Multi Admin approval should be configured
Overviewā
Ensure at least one Intune Multi Admin Approval Policy is configured. Microsoft Intune Multi Admin Approval helps to limit the impact of compromised administrators by requiring approval for sensitive activities.
Remediation action:ā
To create a multi admin approval policy:
- Navigate to Microsoft Intune admin center.
- Click Tenant Administration and select Multi Admin Approval or use the Microsoft Intune Portal - Multi Admin Approval direct link.
- Select Access policies and create a new access policy, e.g. for Scripts
- Let another Intune Administrator approve your request to create the access policy
- Re-visit the access policies section and complete the policy creation.
Additional information:
Test Metadataā
| Field | Value |
|---|---|
| Test ID | MT.1096 |
| Severity | Medium |
| Suite | Maester |
| Category | Intune |
| PowerShell test | Test-MtOperationApprovalPolicies |
| Tags | Intune, Maester, MT.1096 |
Sourceā
- Pester test:
tests/Maester/Intune/Test-MtIntunePlatform.Tests.ps1 - PowerShell source:
powershell/public/maester/intune/Test-MtOperationApprovalPolicies.ps1