Home

Is there anyway of using none-admin users on compliant devices?

Ion Zubia
Contributor

Hi,

 

When working with Intune and Conditional access you need to use an administrator account to make any device compliant. However, is there anyway to use an standard user once the device is register in Azure and marked as compliant? I can only make it work with admin users.

 

Thank you,

 

Ion

4 Replies

What do you mean that you need to use an admin user to make it compliant?

 

Are you auto-registering and auto-enrolling the devices in Intune?

 

I have Windows 10 clients here with non-admin users, and they're marked as compliant in Intune. No extra steps by an admin user were needed to get to that state.

Hi,

 

I believe a hybrid environment is needed to accomplish this scenario. At the moment our premise infrastructure has 0 connection to our 365 and Azure AD.

 

I'm forcing compliance to a few users, however, even if their Windows 10 machines are marked as compliant, these users will only be able to access their data if they're logged in with a local admin account. Otherwise access is denied and the device detected as non compliant.

 

And no, I'm enrolling the devices manually.

I'm confused why they are logging in with local admin accounts and then accessing Office 365 services. Can you explain why they are doing that?

Hi,

 

They don't, we make the computers compliant manually and then hand it to the users (this hasn't been deployed yet, so we are still testing it).

 

To make the device compliant you need to use an administrator account, a regular user will  not be able to go thru the enrolment process to make the PC compliant. However, I do not want the end user to use a device with local admin rights. I can manually make a Windows 10 machine compliant with the Intune policies (making the machine Azure registered and Intune compliant). To do this you need a user with local admin rights.


Once the device is compliant, if I switch to a regular user's account with no local admin rights, it then fails to access data (e.g, logging into Office 365). If I, however, access the device with a user with local admin rights, I'll be able to access the data successfully.

 

We need to do this manually because our on premise 2012 AD has absolutely no connection to our Azure AD. 

 

If I may ask, do you work on a hybrid environment, on premise or cloud solution (Azure)?

 

Thank you.

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies