Windows 365 Business Cloud PC Local Admin

Hello,

I have deployed Windows 365 Business and thus far it is working great. However, I was wondering if each user is required to have local admin privileges? Thanks!

8 Replies
Yes, all users are currently local admins in the Business option of Windows 365; see the second paragraph here: https://docs.microsoft.com/en-us/microsoft-365/admin/setup/get-started-windows-365-business?view=o36...
I have also asked myself this question, from a security point of view, whether something can be changed. I simply created a new user in the computer administration and added this user to the Administrators group. Then I took out my AD user. Afterwards you are always asked for increased rights in the UAC for installers and can enter the local admin. With this I think you have increased the security a bit.
If someone has a different opinion or would like to share some additional security advice with us, I would be very grateful.

Regards Sebastian
We are currently investigating the capability to provision Business Cloud PCs without requiring users to be local admins; they would be standard users. There are problems with this because without MEM there will not be a way to perform elevated administration on these devices. More details to come as we continue our development/progress.
Thank you Eric. I bring this up as many MSPs have been asking how to remove the local admin for the user for Windows 365 Business Cloud PC, and the current inability for them to do so is creating a barrier to entry for consuming the product. Thanks again!

Ryan
Hi Eric, okay, what exactly does this mean? Now I'm a standard user but I have no problem with Microsoft Endpoint Manager. For example, I could onboard MDE via Endpoint Manager (applying configs works). Does my described workaround currently have a technical limitation for me, or have I restricted any service with it? Thanks. Regards Sebastian
@msmotto21, if we provision a Business Cloud PC for a user that is a standard user, that user will not have administrator access and therefore will not have the ability to install and configure anything because they don't have permissions. If the device is MEM enrolled (the customer would need to have auto enrollment enabled when the device performs AADJ) then the MEM admin will be able to have full management capabilities.
@Eric Orman, is there an update to this? From a compliance point of view, a standard user cannot have local admin rights to the Win365 provisioned instance. We do not want users installing software. Or, is there a workaround to strip it later?

@M_Titcombe, we introduced functionality in late 2021 to give admins more granular control over account types.

Users who are assigned a Windows 365 Business Cloud PC have standard user permissions by default. This default can be changed in the Organization Settings available at windows365.microsoft.com. More information is available in our documentation: Change organizational default settings in Windows 365 Business | Microsoft Learn

In addition, you can also change the account type on an already-created Cloud PC: Remotely manage Windows 365 Business Cloud PCs | Microsoft Learn