Vikasnagaraj95
Jun 06, 2023

Remove admin rights from already joined Intune devices

Hi,

I am very new to Intune and trying to fix a problem for my company. The person who created this is no longer working here, so I am very new to this and I am trying to help the team.

We have 14 devices enrolled via Intune, and users were added as work or school accounts and they have admin rights on the computer. We want to remove the admin rights of the user using the computer. How do we achieve this? The screenshot below is what I see under Local Users and Groups.

Under Azure AD --> Devices --> Device settings --> Device administrator | Assignments we have a security group created and 4 users are added to it. We want only the users under this group to have admin rights for Intune devices.

Please help, thank you.

4 Replies

    • Vikasnagaraj95

      Rudy_Ooms_MVP

      Thank you very much for the resources again. I was able to figure it out and got it working.

      Here are the steps I followed, if anyone in the future wants help.

      Endpoint security > Account protection > Create policy

      1. Platform -> Windows 10 and later

      2. Profile -> Local user group membership.

      3. Gave Name and description as required

      4. Administrators => Add (Replace) => Manual => Add user(s) => Enter the SID of the group or user you want to make admin.

      To get the SID from the Object ID I followed this guide:
      https://answers.microsoft.com/en-us/msoffice/forum/all/power-shell-script-to-convert-convert-aad-object/c562dc4d-e1e4-4ef4-9dab-04466d49c425

      5. Add scope tags if required

      6. Assignments: add the group which has the devices in it.

      Note: I created a security group, added the test device to it and added it to assignments.

      7. Review and create.

      After all this I restarted the computer and it updated the administrators in Users and Groups.

       

      Before: 

       

      After: 
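
The Object ID to SID conversion needed for step 4 of the reply above, as an added PowerShell example that is not part of the original post or the linked guide. The function names are hypothetical and the object IDs are constructed placeholders; it assumes a little-endian platform, as on Windows.

```powershell
# Added example. An Entra object ID (GUID) maps to the SID S-1-12-1-a-b-c-d,
# where a..d are the GUID's 16 bytes read as four unsigned 32-bit integers.

function Convert-EntraObjectIdToSid {
    param([Parameter(Mandatory)][guid] $ObjectId)
    $bytes = $ObjectId.ToByteArray()
    $parts = 0..3 | ForEach-Object { [BitConverter]::ToUInt32($bytes, $_ * 4) }
    'S-1-12-1-' + ($parts -join '-')
}

# Reverse direction: identify which Entra object an S-1-12-1-... entry
# in the local Administrators group belongs to.
function Convert-EntraSidToObjectId {
    param([Parameter(Mandatory)][string] $Sid)
    if ($Sid -notmatch '^S-1-12-1-(\d+)-(\d+)-(\d+)-(\d+)$') {
        throw "Not an Entra ID SID: $Sid"
    }
    $bytes = New-Object byte[] 16
    for ($i = 0; $i -lt 4; $i++) {
        $value = [uint32]::Parse($Matches[$i + 1])
        [BitConverter]::GetBytes($value).CopyTo($bytes, $i * 4)
    }
    [guid]::new($bytes)
}

# Constructed placeholder: object ID of the security group that should keep
# admin rights. Replace with the real group's Object ID from the portal.
$allowedGroupId = '11111111-2222-3333-4444-555555555555'
$allowedSid = Convert-EntraObjectIdToSid $allowedGroupId
"SID to enter in the policy: $allowedSid"

# Constructed list standing in for the SIDs shown under Administrators in
# Local Users and Groups; the second entry is a placeholder for a user who
# should no longer be an admin.
$localAdmins = @(
    $allowedSid
    Convert-EntraObjectIdToSid 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
)

foreach ($sid in $localAdmins) {
    $objectId = Convert-EntraSidToObjectId $sid
    $status = if ($sid -eq $allowedSid) { 'expected' } else { 'review' }
    '{0}  {1}  {2}' -f $sid, $objectId, $status
}
```

Running the reverse conversion on each S-1-12-1 entry left in the Administrators group after the restart shows which Entra objects still hold local admin rights on the device.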

       

       

      • Marc_Kerkvliet

        Vikasnagaraj95

        Great, I used this to remove created administrators group membership in the past!

        We now use
        Manage Additional local administrators on all Microsoft Entra joined devices


    • Vikasnagaraj95
      Thanks Rudy for the resources. I'll be honest, I am a Power Platform developer so I have very little knowledge about Intune. Which will be the best option here, to remove admin rights from the devices and have only the users in the security group have admin rights?
