Forum Discussion

NicolePabon09's avatar
NicolePabon09
Copper Contributor
Jun 22, 2023

Azure Joined Devices - Permission

Hi,   We are in the process of Azure Joining our company issued laptops. How can I set up permissions to the laptop users to not be able to make changes to the devices without an Administrator?   ...
azure policy
MathieuVandenHautte's avatar
MathieuVandenHautte
Iron Contributor
Jun 22, 2023

Hi Nicole,

By default, Azure AD adds the user performing the Azure AD join to the administrator group on the device.

You can manage the device administrator via the Azure Portal (Azure Active Directory > Devices > Device settings). Please note that this option requires Azure AD Premium licenses.

The changes are effective from the moment the users sign-out and sign back in again on their devices or when when the new Primary Refresh Token is issued (Upto 4 hours).

NicolePabon09's avatar
NicolePabon09
Copper Contributor
Jun 22, 2023

MathieuVandenHautte 

 

I'm not sure that answers my question. When I Azure join a device such as a laptop - the account used is automatically assigned as an Administrator on that laptop. I do not want the user to be assigned an administrator on such device. I do not want them to modify the laptops like downloading applications, removing application, etc. 

 

I followed your recomendation and found the Device Administrators Assignments but the 2 listed are myself and another Global Administrator. Which I want to have Administrator rights on every laptops. 

 

How Can I solve my problem? 

Resources