Forum Discussion
Intune - remove local admins
Hello All, In our workgroup environment, users currently have local admin rights. After performing Entra join and onboarding devices to Intune, how can we remove all users from the local administr...
I've done this before, i've found the 'Account protection' under 'Endpoint security' to work really well here:
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-account-protection-policy
Hello tomwoodward
Thanks for useful the link shared.
1, We want to remove standard accounts that are created locally in Windows devices from Administrators group.
With the 'Account protection' option, we can do that by using the option 'Add (Replace)' for Administrators group and select any one of the Entra user? There is no option here add an account created locally.
2. How about adding or keeping a common standard account which is created locally in the device to the Administrators group only?
Thanks
