Forum Discussion
Remove admin rights from already joined intune devices
Thank you very much for the resources again. I was able to figure it out and got it working.
Here are the steps I followed, if anyone in the future wants help.
Endpoint security>account protection>create policy
1. Platform-> Windows 10 and later
2. Profile-> Local user group membership.
3. Gave Name and description as required
4. Administrators=>Add(Replace)=>Manual=>Add user(s)=>Enter the SID of the group or user you want to make admin.
To get the SID from the Object ID I followed this guide:
https://answers.microsoft.com/en-us/msoffice/forum/all/power-shell-script-to-convert-convert-aad-object/c562dc4d-e1e4-4ef4-9dab-04466d49c425
5. Add scope tags if required
6. Assignments: add the group which has the device in it.
Note: I created a security group, added the test device to it, and added it to assignments.
7. Review and create.
After all this I restarted the computer and it updated the administrator in users and groups.
Before:
After:
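
The object-ID-to-SID conversion needed for step 4, as an added example that is not part of the original post or the linked guide: a Microsoft Entra principal's SID has the form `S-1-12-1-a-b-c-d`, where the four numbers are the object ID's 16 bytes read as unsigned 32-bit integers. The function names and the sample GUID are constructed for illustration; the reverse function helps identify entries that show up only as a SID in the local Administrators group.

```powershell
# Added example. Function names and the sample object ID below are constructed.
function Convert-EntraObjectIdToSid {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string] $ObjectId)
    process {
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($ObjectId, [ref] $guid)) {
            throw "Not a valid object ID (GUID): '$ObjectId'"
        }
        # .NET GUID byte layout: the first three fields are little-endian.
        $bytes = $guid.ToByteArray()
        # Read the 16 bytes as four unsigned 32-bit sub-authorities.
        $parts = foreach ($offset in 0, 4, 8, 12) {
            [System.BitConverter]::ToUInt32($bytes, $offset)
        }
        'S-1-12-1-' + ($parts -join '-')
    }
}

function Convert-SidToEntraObjectId {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string] $Sid)
    # Only Entra SIDs (S-1-12-1-<4 numbers>) can be mapped back to an object ID.
    if ($Sid -notmatch '^S-1-12-1-(\d+)-(\d+)-(\d+)-(\d+)$') {
        throw "Not an Entra (S-1-12-1-...) SID: '$Sid'"
    }
    $bytes = [byte[]]::new(16)
    for ($i = 0; $i -lt 4; $i++) {
        # The [uint32] cast throws if a sub-authority is out of range.
        $value = [uint32] $Matches[$i + 1]
        [System.BitConverter]::GetBytes($value).CopyTo($bytes, $i * 4)
    }
    [guid]::new($bytes)
}

# Constructed sample object ID (not a real tenant object).
$sampleObjectId = '11111111-2222-3333-4444-555555555555'
$sid = Convert-EntraObjectIdToSid -ObjectId $sampleObjectId

# Round-trip check before pasting the SID into the Intune policy.
if ((Convert-SidToEntraObjectId -Sid $sid) -ne [guid] $sampleObjectId) {
    throw 'Round-trip conversion failed'
}
$sid
```

Because the policy uses Add (Replace), confirm each SID maps back to the intended object ID before assigning the profile.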
Great, I used this to remove created administrators group membership in the past!
We now use
Manage Additional local administrators on all Microsoft Entra joined devices