For purposes of using the "Join Azure AD" and other possible deployment tasks, it would be amazing to have a cloud deployment task that would just create a "Device Enrolment Manager ([email protected])" user, assign it to the proper roles/groups/licenses/etc., configure Intune and CA policies, etc., and then monitor on a schedule that all the right details are in place on an ongoing basis…
The reason this is a bad idea is that you would effectively need to give the ImmyBot application Global Administrator rights for all of that to work. There aren't many folks who would be willing to grant that kind of access; I am definitely in that camp.
One possibility, though, is if someone in the community wrote a script to do this and prompt for Global Admin credentials when appropriate; then the only thing you'd have to do is approve the 2FA prompts during the script execution (potentially).
@Anthony_Birone you think something like this is doable?
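As an added example (not from the original post and not ImmyBot's own code), here is the shape such a community script could take using the Microsoft Graph PowerShell SDK. The point is the least-privilege design the post is after: nothing is granted to an application; an admin runs it interactively, `Connect-MgGraph` requests only the delegated scopes the task needs, and that is where the MFA prompt appears. The UPN, the group name and the idea that the group carries the Intune/CA assignments are assumptions; license and Conditional Access configuration are left out.

```powershell
# Added example, not from the original post or from ImmyBot. Runs under the
# admin's own account with delegated Graph scopes; no app registration and no
# Global Administrator grant to any application. Tenant values are assumptions.
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Groups

$DemUpn       = 'dem@contoso.onmicrosoft.com'   # assumed; use your tenant's domain
$DemGroupName = 'Intune-DEM-Accounts'           # assumed group that carries the Intune/CA assignments

function New-RandomPassword {
    # CSPRNG-backed initial password; the account is forced to rotate it at first sign-in.
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return ([Convert]::ToBase64String($bytes) + '!')
}

function Connect-DemGraph {
    # Only the scopes this task needs. The interactive sign-in (and the 2FA prompt) happens here.
    Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All'
}

function Initialize-DemUser {
    # Idempotent: returns the existing DEM user, or creates it with a random one-time password.
    $user = Get-MgUser -Filter "userPrincipalName eq '$DemUpn'" -Property Id, UserPrincipalName, AccountEnabled
    if ($user) { return $user }
    $passwordProfile = @{
        Password                      = New-RandomPassword
        ForceChangePasswordNextSignIn = $true
    }
    return New-MgUser -DisplayName 'Device Enrolment Manager' `
                      -UserPrincipalName $DemUpn `
                      -MailNickname ($DemUpn.Split('@')[0]) `
                      -AccountEnabled `
                      -PasswordProfile $passwordProfile
}

function Add-DemToGroup {
    param([Parameter(Mandatory)][string]$UserId)
    # Idempotent: adds the DEM user to the assumed group only if it is not already a member.
    $group = Get-MgGroup -Filter "displayName eq '$DemGroupName'"
    if (-not $group) { throw "Group '$DemGroupName' not found; create it and attach the Intune/CA assignments first." }
    $memberIds = (Get-MgGroupMember -GroupId $group.Id -All).Id
    if ($memberIds -notcontains $UserId) {
        New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $UserId
    }
}

function Test-DemConfiguration {
    # Read-only drift check for the scheduled run; it needs only User.Read.All and Group.Read.All.
    # Returns a list of findings; an empty list means the expected state is in place.
    $findings = @()
    $user = Get-MgUser -Filter "userPrincipalName eq '$DemUpn'" -Property Id, AccountEnabled
    if (-not $user) { return @("DEM user $DemUpn does not exist") }
    if (-not $user.AccountEnabled) { $findings += "DEM user $DemUpn is disabled" }
    $group = Get-MgGroup -Filter "displayName eq '$DemGroupName'"
    if (-not $group) {
        $findings += "Group $DemGroupName is missing"
    } elseif ((Get-MgGroupMember -GroupId $group.Id -All).Id -notcontains $user.Id) {
        $findings += "DEM user is not a member of $DemGroupName"
    }
    return $findings
}

# Usage: run once interactively to converge, then schedule Test-DemConfiguration
# (connected with the read-only scopes) and alert on any non-empty result.
Connect-DemGraph
$dem = Initialize-DemUser
Add-DemToGroup -UserId $dem.Id
Test-DemConfiguration
```

The write path and the check path are separated on purpose: the scheduled check can run with read-only scopes (or a read-only app permission, if you do want something unattended), while anything that changes the directory still goes through an interactive, MFA-backed sign-in.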