Forum Discussion
Remove admin rights from already joined intune devices
https://call4cloud.nl/2021/04/dude-wheres-my-admin/
https://call4cloud.nl/2020/03/remove-all-local-admins/
- Vikasnagaraj95 (Copper Contributor), Jun 06, 2023
Thanks Rudy for the resources. I'll be honest, I am a Power Platform developer, so I have very little knowledge about Intune. Which will be the best option here to remove admin rights from the devices and have only the users in the security group have admin rights?
- Vikasnagaraj95 (Copper Contributor), Jun 06, 2023
Thank you very much for the resources again. I was able to figure it out and got it working.
Here are the steps I followed, if anyone in future wants help.
Endpoint security > Account protection > Create policy
1. Platform -> Windows 10 and later
2. Profile -> Local user group membership.
3. Gave Name and description as required
4. Administrators => Add (Replace) => Manual => Add user(s) => Enter the SID of the group or user you want to make admin.
To get the SID from the Object ID I followed this guide:
https://answers.microsoft.com/en-us/msoffice/forum/all/power-shell-script-to-convert-convert-aad-object/c562dc4d-e1e4-4ef4-9dab-04466d49c425
5. Add scope tags if required
6. Assignments: add the group which has the device in it.
Note: I created a security group, added the test device to it, and added it to assignments.
7. Review and create.
After all this I restarted the computer and it updated the administrator in Users and Groups.
Before:
After:
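The Object ID to SID conversion needed in step 4 above, as an added example that is not part of the original post or the linked guide: an Entra ID user or group SID has the form `S-1-12-1-a-b-c-d`, where the four numbers are the object's GUID bytes read as little-endian unsigned 32-bit integers. The function names and the sample GUID are constructed for illustration; replace the GUID with the Object ID of your own security group.

```powershell
# Added example: convert between a Microsoft Entra Object ID (GUID) and the
# SID form (S-1-12-1-...) entered in the "Local user group membership" profile.

function Convert-EntraObjectIdToSid {
    param([Parameter(Mandatory)][guid]$ObjectId)
    # Guid.ToByteArray() returns 16 bytes; reinterpret them as four UInt32 values.
    $bytes = $ObjectId.ToByteArray()
    $parts = New-Object 'UInt32[]' 4
    [System.Buffer]::BlockCopy($bytes, 0, $parts, 0, 16)
    'S-1-12-1-' + ($parts -join '-')
}

function Convert-EntraSidToObjectId {
    param([Parameter(Mandatory)][string]$Sid)
    # Reject anything that is not an Entra ID SID, e.g. a local or AD domain SID.
    if ($Sid -notmatch '^S-1-12-1-(\d+)-(\d+)-(\d+)-(\d+)$') {
        throw "Not an Entra ID SID (expected S-1-12-1-a-b-c-d): $Sid"
    }
    # The cast throws if any sub-authority does not fit in 32 bits.
    $parts = [UInt32[]]@($Matches[1], $Matches[2], $Matches[3], $Matches[4])
    $bytes = New-Object 'Byte[]' 16
    [System.Buffer]::BlockCopy($parts, 0, $bytes, 0, 16)
    [guid]::new($bytes)
}

# Constructed sample Object ID (not a real tenant object).
$objectId = [guid]'00000001-0002-0003-0405-060708090a0b'
$sid      = Convert-EntraObjectIdToSid -ObjectId $objectId

# Round-trip check: converting the SID back must give the same Object ID,
# which guards against a mistyped value before it goes into the policy.
$back = Convert-EntraSidToObjectId -Sid $sid
if ($back -ne $objectId) {
    throw "Round-trip mismatch: $objectId -> $sid -> $back"
}

[pscustomobject]@{ ObjectId = $objectId; Sid = $sid }
```

The reverse function is useful when auditing a device: an unresolved `S-1-12-1-...` entry in the local Administrators group can be converted back to an Object ID and looked up in the tenant.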
- Marc_Kerkvliet (Copper Contributor), Oct 25, 2023
Great, I used this to remove created administrators group membership in the past!
We now use:
Manage Additional local administrators on all Microsoft Entra joined devices