Azure Joined Devices - Permission

Question

Hi,&nbsp;We are in the process of Azure Joining our company issued laptops. How can I set up permissions to the laptop users to not be able to make changes to the devices without an Administrator?&nbsp;&nbsp;Thigns like installing applications. Changing system settings, etc.&nbsp;

mathieuvandenhautte · Answer

Hi Nicole,By default, Azure AD adds the user performing the Azure AD join to the administrator group on the device.You can manage the device administrator via the Azure Portal (Azure Active Directory &gt; Devices &gt; Device settings). Please note that this option&nbsp;requires Azure AD Premium licenses.The changes are effective from the moment the users sign-out and sign back in again on their devices or when when the&nbsp;new Primary Refresh Token is issued (Upto 4 hours).

nicolepabon09 · Answer

MathieuVandenHautte&nbsp;&nbsp;I'm not sure that answers my question. When I Azure join a device such as a laptop - the account used is automatically assigned as an Administrator on that laptop. I do not want the user to be assigned an administrator on such device. I do not want them to modify the laptops like downloading applications, removing application, etc.&nbsp;&nbsp;I followed your recomendation and found the Device Administrators Assignments but the 2 listed are myself and another Global Administrator. Which I want to have Administrator rights on every laptops.&nbsp;&nbsp;How Can I solve my problem?&nbsp;

kidd_ip · Answer

NicolePabon09&nbsp;Check on this:&nbsp;https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-available-to-configure-local-user-group-membership/ba-p/3093207&nbsp;&nbsp;

Forum Discussion

Azure Joined Devices - Permission

3 Replies

Resources