Hello @Deets ,
Thank you for asking this question on the Microsoft Q&A Platform.
Azure AD adds the user performing the Azure AD join to the local administrator group on the device, which allows them to manage the device and install the software's on the machine.
Below article has more information about it,
https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
Hope this helps.
Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it and complete the quality survey so that others in the community with similar questions can more easily find a rated solution.