Merge pull request #19459 from MicrosoftDocs/main

Auto Publish – main to live - 2026-01-28 08:30 UTC

Author: learn-build-service-prod[bot]

intune/intune-service/fundamentals/account-sign-up.md

@@ -15,14 +15,14 @@ ms.collection:
 
 # Sign up or sign in to Microsoft Intune
 
-This article can help system administrators sign up for an Intune account. Before you sign up for Intune, determine if your organization already uses [Microsoft Entra ID](/entra/fundamentals/what-is-entra). Entra ID supports work or school accounts that you use with Intune and other Microsoft online services and subscriptions, like Microsoft Azure and Microsoft 365.
+This article can help system administrators sign up for an Intune account. Before you sign up for Intune, determine if your organization already uses [Microsoft Entra ID](/entra/fundamentals/what-is-entra). Microsoft Entra supports work or school accounts that you use with Intune and other Microsoft online services and subscriptions, like Microsoft Azure and Microsoft 365.
 
-- To add an Intune subscription to an Entra tenant, you must use an account that is assigned an Entra ID built-in role with sufficient permissions to add Intune. The initial sign-up page identifies the applicable built-in roles, which include [Billing Administrator](/entra/identity/role-based-access-control/permissions-reference#billing-administrator), [Compliance Administrator](/entra/identity/role-based-access-control/permissions-reference#compliance-administrator), and [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator).
+- To add an Intune subscription to an Entra tenant, you must use an account that is assigned an Entra ID built-in role with sufficient permissions to add Intune. The initial sign-up page identifies the applicable built-in roles, including:
 
-  > [!CAUTION]
-  > [!INCLUDE [global-admin](../includes/global-admin.md)]
+  - [Billing Administrator](/entra/identity/role-based-access-control/permissions-reference#billing-administrator)
+  - [Compliance Administrator](/entra/identity/role-based-access-control/permissions-reference#compliance-administrator)
 
-- If you don't have an Entra tenant, then an Entra tenant is created for your organization when you **sign up** for an Intune subscription, which is common for trial subscriptions. In this scenario, the account you use to sign up automatically receives the Global Administrator role for the new Entra tenant.
+- If you don't have a Microsoft Entra tenant, then a tenant is created for your organization when you **sign up** for an Intune subscription. You can also sign up for a [trial subscription](try-intune-overview.md).
 
 > [!WARNING]
 > You can't combine an existing work or school account after you sign up for a new account.

intune/intune-service/fundamentals/deployment-guide-enrollment.md

@@ -77,11 +77,6 @@ Microsoft Intune automatically marks devices that meet certain criteria as corpo
 
 - Sign in as a member of the **Policy and Profile Manager** built-in Intune role. For information on the permissions in this role, go to [Built-in role permissions for Microsoft Intune - Policy and Profile manager](role-based-access-control-reference.md#policy-and-profile-manager).
 
-  If you created an Intune Trial subscription, the account that created the subscription is a Microsoft Entra [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator).
-
-  > [!CAUTION]
-  > [!INCLUDE [global-admin](../includes/global-admin.md)]
-
   It's possible some enrollment platforms might require a more privileged Microsoft Entra role, like the **Intune Administrator** built-in role. For information on this role, go to [Microsoft Entra built-in roles - Intune Administrator](/entra/identity/role-based-access-control/permissions-reference#intune-administrator).
 
 - Different platforms can have other requirements. For example, iOS/iPadOS and macOS devices require an [MDM push certificate from Apple](../enrollment/apple-mdm-push-certificate-get.md). Any other platform requirements are listed.

intune/intune-service/fundamentals/free-trial-sign-up.md

@@ -3,7 +3,7 @@ title: Sign Up for Microsoft Intune Free Trial Setup Guide
 description: Sign up for a Microsoft Intune free trial and configure your tenant. Learn the setup process, prerequisites, and how to configure domain names. Start evaluating Intune today.
 author: nicholasswhite
 ms.author: nwhite
-ms.date: 01/20/2026
+ms.date: 01/27/2026
 ms.topic: how-to
 ms.reviewer: tycast
 ms.collection:
@@ -113,24 +113,23 @@ Intune uses role-based access control (RBAC) to manage permissions.
 
 The account that creates the subscription is assigned the Microsoft Entra [Global Administrator role](/entra/identity/role-based-access-control/permissions-reference#global-administrator). This built-in role is a privileged Microsoft Entra role and has more permissions than needed for most Intune tasks.
 
+We suggest that you sign out of the Global Administrator role account and sign in with an account that's needed for the Intune task.
+
 There are built-in roles specifically created and used to manage Intune. Your goal is to use the least privilege role that can perform the necessary tasks. For this series of articles, the following built-in roles are needed:
 
 | Role | Description |
 |---|---|
-| **[Intune Administrator](/entra/identity/role-based-access-control/permissions-reference#intune-administrator)** | A Microsoft Entra role that has full access to all features in Microsoft Intune. You can use this account to set up Intune. |
 | **[Domain Name Administrator role](/entra/identity/role-based-access-control/permissions-reference#domain-name-administrator)** | A Microsoft Entra role that can add and verify custom domain names in your tenant. This role is only used if you configure a custom domain name in this series, which is optional. |
+| **[Intune Administrator](/entra/identity/role-based-access-control/permissions-reference#intune-administrator)** | A Microsoft Entra role that has full access to all features in Microsoft Intune. You can use this account to set up Intune and set up Automatic Enrollment for Windows devices. |
 | **[User Administrator](/entra/identity/role-based-access-control/permissions-reference#user-administrator)** | A Microsoft Entra role that can create and manage user accounts and groups in Intune and Microsoft 365. |
-| **[Policy and Profile Manager](../fundamentals/role-based-access-control-reference.md#policy-and-profile-manager)** | An Intune role that can create and manage Intune policies. |
 | **[Application Manager](../fundamentals/role-based-access-control-reference.md#application-manager)** | An Intune role that can add and manage apps in Intune. |
 | **[Intune Role Administrator](../fundamentals/role-based-access-control-reference.md#intune-role-administrator)** | An Intune role that can create and manage custom roles and add users to Intune roles. |
-| **[Global Administrator role](/entra/identity/role-based-access-control/permissions-reference#global-administrator)** | A Microsoft Entra role that sets up Automatic Enrollment for Windows devices. This role is only used once in this series. |
+| **[Policy and Profile Manager](../fundamentals/role-based-access-control-reference.md#policy-and-profile-manager)** | An Intune role that can create and manage Intune policies, including compliance, device configuration, and most enrollment policies. |
 
 If many admins are testing Intune, then assign their accounts to only the roles they need. For example, if an admin is only responsible for adding and managing apps, assign that admin only to the **Application Manager** role.
 
 - To assign built-in roles to your admin team, see [Assign Microsoft Intune roles for role-based access control](assign-role.md).
 
-We also suggest that you sign out of the Global Administrator role account and sign in with an account that's needed for the Intune task.
-
 For more information about Intune built-in roles, see:
 
 - [Role-based access control (RBAC) with Microsoft Intune](role-based-access-control.md)