
Tim_Earp
Copper Contributor
Oct 18, 2021

AAD Just in time/JIT for Local Administrator group on workstations

Sorry if this is the wrong forum. Happy to move to the correct one if required.

Hi! I'm looking to remove all users from having Local Administrator (a hangover from an Azure join) on their workstations. Some users do still require/demand this and I have to be able to cater for this so that the business buy into the change.

My thoughts are to purchase AAD P2 licenses and use Just In Time to grant access to an Azure group that will be within the workstation 'administrators' group. Is this something that anyone has had experience of/has read a blog/question has already been asked and answered please?

  • Tim_Earp
    Copper Contributor
    Ok, so reviewing my own question and what's available within AAD, this looks more PIM than JIT related. Will need to see if AAD Groups can be updated and not just role membership,
