Event details

Whether you're in the exploratory stage or already implementing Intune for macOS, we invite you to join this Ask Microsoft Anything (AMA) to see a demonstration of the new Platform Single Sign-On (Pl...
Char_Cheesman
Updated Dec 27, 2024
AMA
Tech Community Live
Pelle-netpack's avatar
Pelle-netpack
Copper Contributor
Mar 11, 2024
Question: When enrolling a Mac the user becomes root user on that Mac, how to convert this root (primary) user to a standard user without local admin rights?
  • AnyaNovicheva's avatar
    AnyaNovicheva
    Icon for Microsoft rankMicrosoft
    Mar 20, 2024

    Hi Pelle-netpack, thank you for your question! One admin user on a Mac is required, so you need at least another user to downgrade that initial admin user. To downgrade an initial admin user, you can use a script to make that user a standard user. Or you can use platform SSO to define user rights (as a new user, and as a persistent user).

    It is on our roadmap to add local admin configuration settings within the macOS enrollment policies so you can do this directly from the enrollment policy (configure both an admin user and a primary standard user from the same enrollment policy). 

  • Char_Cheesman's avatar
    Char_Cheesman
    Bronze Contributor
    Mar 20, 2024

    Thanks for participating in today's session of AMA: Securely manage macOS with Intune! For reference, the panel covered this topic at around 6:30.

  • Fernando_Mata's avatar
    Fernando_Mata
    Occasional Reader
    Mar 14, 2024
    We're using shell scripts to create a local admin account with an encrypted password and downgrade the others.
    • Ronnie Jakobsen's avatar
      Ronnie Jakobsen
      Copper Contributor
      Mar 17, 2024
      Would be nice to have a policy item for this, and maybe also to have Intune create an admin account to be used for "emergency" access via FileVault recovery key