We have some PCs deployed via a "Standard User" Autopilot profile (Hybrid Azure AD). However, we have created a policy to get an elevated prompt when a user wants to install software, and if we enter global administrator credentials, it will install the application. But we don't want to give helpdesk users these GA permissions and want to know whether "Device Administrator" in Azure AD can perform this?
You don't need to use the Global Admins; you can assign Device Admins, but they can't be scoped: they are admins on all your devices. With 2004 we got an option via a config profile (OMA-URI) to control membership in the local Administrators group on Windows 10. That's all built in. If that is not sufficient, you need to use a LAPS solution out there.