ouchextra-small
Feb 21, 2025 (Copper Contributor)
Deploying a Local Admin Account to Multiple Targets
Hello, Thanks for this forum and your time. I recently started using Intune to manage mobile devices for an organization. I recently went to do some admin work on intuned laptops and found that I...
klenTAHN
Feb 24, 2025 (Copper Contributor)
There are two primary methods I've found to make this kind of situation work, depending on your domain situation.
- Domain Hybrid Joined -> LAPS
  - Create policy under Account Protection using profile "Local admin password solution (Windows LAPS)" with desired configuration settings.
  - Create a device configuration policy (separate from LAPS above) with Settings Catalog.
    - Add settings:
      - "Accounts Enable Administrator Account Status" set to Enable.
      - "Accounts Rename Administrator Account" set to desired name (whatever you set in LAPS Policy).
  - Deploy both policies to desired group of devices.
- Entra Joined
  - Create an EntraID security group for administrative users.
  - Add the Azure role "Microsoft Entra Joined Device Local Administrator" to the group you created.
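
An added example, not part of klenTAHN's reply: a PowerShell check to run in an elevated session on one targeted device after the policies sync, confirming that the built-in Administrator is enabled and renamed as the Settings Catalog policy specifies, and showing who actually holds local admin rights. The `$ExpectedName` default is a placeholder to replace with the name used in your LAPS policy; the event log name assumes Windows LAPS is the LAPS client in use.

```powershell
# Added example (not from the thread). Run elevated on a device that has
# received both the LAPS policy and the Settings Catalog policy.
param(
    # Assumption: placeholder for the value set in
    # "Accounts Rename Administrator Account" / the LAPS policy.
    [string]$ExpectedName = 'REPLACE_WITH_RENAMED_ADMIN'
)

# The built-in Administrator keeps a SID ending in -500 even after a rename,
# so locate it by SID rather than by name.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

[pscustomobject]@{
    BuiltinAdminName    = $builtin.Name
    BuiltinAdminEnabled = $builtin.Enabled          # expect True
    NameMatchesPolicy   = ($builtin.Name -eq $ExpectedName)
    PasswordLastSet     = $builtin.PasswordLastSet  # changes when LAPS rotates
} | Format-List

# Members of BUILTIN\Administrators (well-known SID S-1-5-32-544).
# Anything beyond the managed account and the expected Entra/domain
# principals is worth reviewing.
try {
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        Select-Object Name, ObjectClass, PrincipalSource
}
catch {
    # Get-LocalGroupMember can fail when the group contains SIDs the device
    # cannot resolve; fall back to the legacy tool.
    # The group name below is the English one and is localized on other builds.
    Write-Warning "Get-LocalGroupMember failed: $($_.Exception.Message)"
    net localgroup Administrators
}

# Most recent Windows LAPS client events: shows whether policy processing
# and password rotation are running or failing on this device.
Get-WinEvent -LogName 'Microsoft-Windows-LAPS/Operational' -MaxEvents 10 `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```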