Have yet to be able to find a successful process/script/etc for removing local admin privileges from aad joined or hybrid devices for the corporate users. Examples: Bob is a new employee, we ship him a laptop new in the box. No autopilot, just a new one off the shelf with Win 11 pro. Bob has the necessary 365 licenses, he goes thru the OOBE with his 365 credentials, It makes him an administrator, seems to be no easy way to remove that from him. Dave, on the other hand, Dave has been around a bit, his laptop is 2 years old, we are only starting to roll out intune, Dave logs into his laptop with a local account, it was upgraded from win10 to win 11 pro but he uses a local account, then accesses work/school via the usual apps and browsers, but, Dave is the only administrator account and his system is AAD Registered. How do we easily make Dave a local user and not an admin anymore? There is a catch, Neither Dave nor Bob are in the office, they work from home (remote employees).