SOLVED

Device admin

%3CLINGO-SUB%20id%3D%22lingo-sub-241423%22%20slang%3D%22en-US%22%3EDevice%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-241423%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20enrolled%20devices%20in%20Intune%3B%20the%20user%20is%20a%20non-admin%20user.%20When%20the%20user%20want%20to%20install%20a%20program%2C%20a%20popup%20screen%20is%20coming%20up%20asking%20the%20AAD%20admin%20user%20credentials.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20assign%20a%20role%20to%20a%20helpdesk%20user%20to%20be%20this%20local%20admin%20user%2C%20but%20this%20role%20is%20not%20available%20in%20Intune%2C%20although%20%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%2F%23blade%2FMicrosoft_AAD_IAM%2FUserDetailsMenuBlade%2FAdministrativeRole%2FuserId%2Fc9e59cf6-ffe9-4189-9b4c-e6c5d0afda8d%2FadminUnitObjectId%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethe%20documentation%3C%2FA%3E%20from%20MS%20speaks%20about%20an%20'device%20administrator'.%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20assign%20this%20role%20to%20an%20non-admin%20AAD%20user%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-241423%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-241623%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-241623%22%20slang%3D%22en-US%22%3EGreat%20answer%20Peter%2C%20thnx!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-241616%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-241616%22%20slang%3D%22en-US%22%3E%3CP%3EA%20device%20administrator%20is%20not%20a%20local%20administrator%20on%20your%20device.%3CBR%20%2F%3EIn%20Azure%2C%20device%20settings%20you%20can%20add%20users%20which%20will%20be%20local%20admin%20on%20your%20Azure%20AD%20joined%20devices.%3CBR%20%2F%3EOr%20have%20a%20look%20at%20this%20article%20%3CA%20href%3D%22http%3A%2F%2Fwww.scconfigmgr.com%2F2018%2F08%2F30%2Fconfigure-restricted-groups-with-intune-policy-csp%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.scconfigmgr.com%2F2018%2F08%2F30%2Fconfigure-restricted-groups-with-intune-policy-csp%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

We have enrolled devices in Intune; the user is a non-admin user. When the user want to install a program, a popup screen is coming up asking the AAD admin user credentials. 

I want to assign a role to a helpdesk user to be this local admin user, but this role is not available in Intune, although the documentation from MS speaks about an 'device administrator'. 

How can assign this role to an non-admin AAD user?

2 Replies
Highlighted
Solution

A device administrator is not a local administrator on your device.
In Azure, device settings you can add users which will be local admin on your Azure AD joined devices.
Or have a look at this article http://www.scconfigmgr.com/2018/08/30/configure-restricted-groups-with-intune-policy-csp/

Highlighted
Great answer Peter, thnx!