Forum Discussion
Michael Jensen
Nov 05, 2019
Brass Contributor
Azure AD Joined device, without user is local administrator?
Hi,
If I reset a Windows 10 device to factory settings, and then after the reset log in using my Office 365 account (with an Enterprise Mobility + Security license added), I then become local administrator.
Can we change this behavior somehow? I can't seem to find any valid solution.
Or should I enroll the devices using an existing user designed for "Local administrator", and then change user afterwards? Or should I go with an Enrollment manager?
- Thijs Lecomte, Bronze Contributor
Hi
The user who joins the device to AAD is an administrator by default. There is no setting to disable it.
The only way around it is to use Autopilot. That way you can configure if the user who joins the device becomes local admin or not.
Kind regards
Thijs
- Michael Jensen, Brass Contributor
Hi.
Yes, I have been looking into the Autopilot option too. But as all devices are in use now, I don't have the hardware IDs, and devices should not be formatted.
Currently I am testing using an Enrollment manager - so far working fine, by enrolling using that, and then "Change user". Other users are not local administrators.
Is that an option on the long term?
I can see Company Portal is added on both accounts, and I can deploy software, as long as it's on device level.
- Thijs Lecomte, Bronze Contributor
That's one way to do it.
But I would advise Autopilot; you can use it for existing devices too.