Forum Discussion
Why our users are getting local admin access on devices when the device runs through Autopilot profi
Why our users are getting local admin access on devices when the device runs through Autopilot profile and Azure AD joined devices even after we have selected Standard user in the Autopilot profile? ...
Thanks for your reply on this @Harm_Veenstra
You mean this settings in Entra ID below
It does shows "All"
This is what I am seeing so seems this is the one responsible for this but I am not sure.
Yes, so this is not happening because someone added a group there. But Rudy is on the right path with this issue 🙂
Which group you are talking about on this as I shared the screenshot from Entra ID its for All and seems its by default and now if we wanted to prevent/stop what is the right setup/configuration we need to do which will not let this happen in future.
And to remove from the devices we can run the script Rudy has shared or from Intune which I know via Account protection under Endpoint Security.
- If there were a group added to the Device Administrators, then it would explain why the user has admin rights. But there isn't, so no issue there
this is happening even when we join device to Entra ID as joined device from device "Connect " button inside Access work or school option.
