Can we join devices to Azure AD and enroll it to Intune, without give local admin rights to end user

Copper Contributor

I would like to auto enroll devices to Intune, when the devices get joined to Azure AD. However, every time users gets the local admin rights on the devices. 

 

Is there any way to enroll users with no admin access on the device?

1 Reply
Use Autopilot and configure the Autopilot profile to makethe user a standard user? Of course there are 1000 and 1 options out there to make sure the user isnt or become a local admin on the device

Some options are mentioned here... (we are using a powershell script /scheduled task to remove almost everyone from the local admin group even the two build in sids)
https://call4cloud.nl/2021/04/dude-wheres-my-admin/