Cloud Device Administrator is the new role that will provide this capability . This will be generally available in the coming monthsTodd Meyers commented
Along with most everyone here we deal with thousands of users who login into multiple devices everyday (Laptops, desktop, Virtual desktops, etc.) The build up grows rapidly and seems to only effect users who have enrolled with Intune to gain access to their corporate email. after a certain period of time their email will stop working on their phone because the company portal app has requested the user to login again. This gets added to the list of devices again and then blocks the user. The ability to remove these devices in a lower administrative account or the ability for the Global Admin to delegate this permission to any role would be great.