Cloud Device Administrator is the new role that will provide this capability. This will be generally available in the coming months.

Kent supported this idea · Kent commented
The RBAC roles of InTune (even the InTune Administrator role) cannot remove a device from Azure! One needs to be a Global Administrator in Azure to remove dormant devices when they cannot be removed! Unless I'm missing something, there needs to be a canned RBAC role or permission for Azure and InTune corrected by MS for this. What a nightmare to support!
For example: An iOS device which was once enrolled with InTune and now has been wiped by its last user, is now to be reused by someone else. However, by InTune's design, it CAN'T ENROL now and delivers some meaningless-cryptic error about "Profile Installation Failed" "A connection to the server could not be established"... And so the unsaid solution is to remove the device from InTune... But guess what!?! You can't! Not unless you know who the old user was! And since the device was wiped by the old user, the Search by email, UPN, or 'Device Name' is totally pointless! All that can be discerned on the device is essentially the serial and IMEI from it! And behold, you can't search by those details to remove the device so it can now enrol with a new user!
Never mind the permissions, how unthought out does this design seem?
Subsequently, how pointless also is the new Troubleshoot Blade when you can only search for name or email there as well!
There needs to be way more intuitive search options. As well as a better design for the reuse of devices!
I’ve also seen similar occur on Win 10 Join. Removing from InTune and completely resetting the device was the only way to resolve this similar error… Azure AD Join Error 80180026
Personally I would think that a reused device should pave over the last active user in Azure/InTune… obviously not!