Custom Role Based Admins - Ensure custom admin roles functions matches information associated with that role
We have the need for custom roles. One such customized role is for device configurations. Under that there is the ability to Assign, Create, Delete, Read, and Update.
Update used to allow the ability to change the configurations (such as block or allow) in a device configuration. Microsoft changed this claiming that feature was a bug and corrected (essentially making it so the Update function cannot do anything if there is a group assigned to it...which means you cannot do updates on a production configuration since they need groups to be assigned to it).
Microsoft says that the Assign permission handles this functionality (but also allows to add/remove assignment groups).