Hi All,
As I imagine many companies, we dont want the majority of our users having local admin rights on their laptops, however we still need a local admin on those devices to be able to support them (which we will also share with our MSP).
So I found the section for Device Administrators and from everything I have read anyone assigned to this group should become a local admin. However we created a new account localadmin@ and assigned it to this group months ago (it kind of fell off the priority list for awhile) and I just had a chance to check and its not visible on the local users group on my laptop.
So I guess firstly is there something I may have missed, or secondly am I using this in the wrong way?
Steps:
- go to Dashboard\Devices\Device Settings
- click Manage Additional local administrators on all Azure AD joined devices
- click Add assignments
- Add Localadmin@ User and save