TLyon-TMF The RSAT tools should work on Entra-joined devices as long as your user account exists in AD DS. It's the user identity that would determine if the tool can run and be logged into, not the device identity. And you can use Intune's Local Users and Groups policy to manage group membership in the local Admin group on the Intune-managed devices.
Hi Joe,
I'm not sure if I understand you fully or maybe I miscommunicated something, but if I am, that's the core issue actually. The way we are set up is that we run user accounts and then escalate to administrative accounts, say, for domain admin privileges. A good example would be logged in as "Joe" as the user account and using "Admin.Joe" as the domain admin account to access AD DS. The Windows Hello for Business passwordless experience blocks us off to just the local admin account for escalations.