Event banner
Event details
With the current abilities of Autopilot we have the option of setting the local user as an admin on the device or a standard user. Will there be future options to allow for a local admin account to be created or allowing specific Azure accounts to have local admin on the devices since they are Azure AD joined. As with I am sure other organizations we do not want to grant end users admin on their devices but it seems Autopilot orphans the device with no admin as the built in local admin account is disabled if we set the Autopilot configuration so the user has standard privileges. This is then a gap from a support perspective.
Jason_Sandys
Microsoft
MicrosoftWelcome back ChrisWilliams 
and thank you again for the question. There are no specific capabilities within Autopilot or AAD for this, however, we've continued to iterate on the built-in CSP for managing local admin permissions on managed devices. Here's a fabulous blog (non-Microsoft but written by a excellent Microsoft resource): Managing Local Administrators with Azure AD and Intune – Jeff Gilbert's Cloud. Please let me know if this doesn't fully address your challenge(s) though.
- Thanks again for the reply and I will review Jeff's blog in detail which may answer some of those issues we have been experiencing.