SOLVED

Device admin

%3CLINGO-SUB%20id%3D%22lingo-sub-241423%22%20slang%3D%22en-US%22%3EDevice%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-241423%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20enrolled%20devices%20in%20Intune%3B%20the%20user%20is%20a%20non-admin%20user.%20When%20the%20user%20want%20to%20install%20a%20program%2C%20a%20popup%20screen%20is%20coming%20up%20asking%20the%20AAD%20admin%20user%20credentials.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20assign%20a%20role%20to%20a%20helpdesk%20user%20to%20be%20this%20local%20admin%20user%2C%20but%20this%20role%20is%20not%20available%20in%20Intune%2C%20although%20%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%2F%23blade%2FMicrosoft_AAD_IAM%2FUserDetailsMenuBlade%2FAdministrativeRole%2FuserId%2Fc9e59cf6-ffe9-4189-9b4c-e6c5d0afda8d%2FadminUnitObjectId%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethe%20documentation%3C%2FA%3E%20from%20MS%20speaks%20about%20an%20'device%20administrator'.%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20assign%20this%20role%20to%20an%20non-admin%20AAD%20user%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-241423%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-241623%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-241623%22%20slang%3D%22en-US%22%3EGreat%20answer%20Peter%2C%20thnx!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-241616%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-241616%22%20slang%3D%22en-US%22%3E%3CP%3EA%20device%20administrator%20is%20not%20a%20local%20administrator%20on%20your%20device.%3CBR%20%2F%3EIn%20Azure%2C%20device%20settings%20you%20can%20add%20users%20which%20will%20be%20local%20admin%20on%20your%20Azure%20AD%20joined%20devices.%3CBR%20%2F%3EOr%20have%20a%20look%20at%20this%20article%20%3CA%20href%3D%22http%3A%2F%2Fwww.scconfigmgr.com%2F2018%2F08%2F30%2Fconfigure-restricted-groups-with-intune-policy-csp%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.scconfigmgr.com%2F2018%2F08%2F30%2Fconfigure-restricted-groups-with-intune-policy-csp%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Harry Dubois
Contributor

We have enrolled devices in Intune; the user is a non-admin user. When the user want to install a program, a popup screen is coming up asking the AAD admin user credentials. 

I want to assign a role to a helpdesk user to be this local admin user, but this role is not available in Intune, although the documentation from MS speaks about an 'device administrator'. 

How can assign this role to an non-admin AAD user?

2 Replies
Solution

A device administrator is not a local administrator on your device.
In Azure, device settings you can add users which will be local admin on your Azure AD joined devices.
Or have a look at this article http://www.scconfigmgr.com/2018/08/30/configure-restricted-groups-with-intune-policy-csp/

Great answer Peter, thnx!
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies