Very happy to see this admin-friendly interface to manage local device administrators. We have implemented this solution as well, but are facing an issue. When we add groups (either cloud-only or synced from on-prem), we do not receive the local administrator permissions immediately. We must first log in on the device so that the group membership is synced, and then we have the option to run applications as admin when a regular user is logged on.
Run as administrator only works when we add the user directly. We tried different ways of assigning the local administrator permissions to a group: via AAD SID, via an AAD group, and with a synced on-prem group.
Is there any way we can bypass the need for a login on the device when updating the members of Administrators with a group? (We are using AAD devices.)
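The following PowerShell is an added example, not code from the poster or from the solution being discussed. It shows the two checks a practitioner would run on an AAD-joined device to see the behaviour described above: whether the AAD group SID is actually a member of the local Administrators group, and whether the currently logged-on user's access token contains that SID. The SID value is a placeholder and must be replaced with your own group's SID; the example assumes an elevated PowerShell session on Windows 10/11 with the built-in LocalAccounts module.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell session on an
# AAD-joined Windows 10/11 device. The SID below is a placeholder, not a real group; AAD
# group SIDs start with S-1-12-1- and are derived from the group's object ID.
$GroupSid = 'S-1-12-1-1111111111-2222222222-3333333333-4444444444'

# 1. Add the AAD group to the local Administrators group by SID. The device cannot enumerate
#    AAD group members locally, so the SID is stored unresolved; that is expected.
Add-LocalGroupMember -Group 'Administrators' -Member $GroupSid -ErrorAction Stop

# 2. Confirm the SID is now listed as a member of Administrators.
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.SID.Value -eq $GroupSid } |
    Format-Table Name, SID, PrincipalSource

# 3. Check whether the *current* logon token carries the group. Group SIDs are stamped into
#    the access token at sign-in, so a user whose group membership changed after they logged
#    on will not have the SID in their token until they sign out and sign in again.
$Token = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if ($Token.Groups.Value -contains $GroupSid) {
    "Current token includes $GroupSid; elevation through the group works in this session."
} else {
    "Current token lacks $GroupSid; a fresh sign-in is needed before the membership applies."
}
```

Step 3 is the useful diagnostic here: if the group shows up in step 2 but not in step 3, the local group assignment is correct and the delay comes from the token having been built before the membership change, which matches the behaviour described in the post.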