AMA: Windows Autopilot
Wednesday, Jun 05, 2024, 10:30 AM PDT
Deploying Windows is getting even easier with the next generation of Windows Autopilot. In this Ask Microsoft Anything (AMA) session, we’ll answer your questions and offer tips to help you take advan...
Heather_Poulsen
Updated Dec 27, 2024
Joe_Friedel
Jun 05, 2024, Brass Contributor
We changed the new Entra setting "Registering user is added as local administrator on the device during Microsoft Entra join (Preview)" to None expecting this would make the only way for the registering user to become an admin be from an Autopilot profile that sets the User Account Type to Administrator. Instead, all devices completing Autopilot had no accounts as administrators regardless of the setting in the Autopilot profile. Is this the expected behavior? If someone does a manual Entra join, we don't want them to be admin, but we have one scenario where we need the user to be admin and have the Autopilot profile set that way.
- Jajabor, Jun 05, 2024, Copper Contributor
If you want to have a local admin account, you can create a new local admin account using OMA-URI and use LAPS.
- Jason_Sandys, Jun 05, 2024, Microsoft
To my knowledge, yes, this is expected behavior. For your scenario, you should block personal enrollment to Intune and use CA to block access to corporate resources from an unmanaged device.
- Jon_Andes, Jun 05, 2024, Microsoft
The most secure setting wins, so Entra policy setting to None wins out in this case.