local admins report (AAD joined devices)

crib bar 846 Reputation points
2024-07-29T11:20:31.67+00:00

We used to run a tool called 'Get Local Admins GUI' when our servers and workstations were joined to an on-premises Active Directory domain. It would show which users and groups had local admin rights on all of our servers and workstations, and we could output the results to a CSV file:

[http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html]

We are looking for an equivalent tool or script that can pull the same information from Azure AD / Intune managed devices, for an audit. Or are there any out-of-the-box reports within Azure AD / Intune that we could possibly use?

Do you have any recommendations if you have had to produce something like this? Ideally it would be something that would run over the entire directory/inventory for all devices, and not have to query each device as there is a sizeable number.

Windows for business | Windows Client for IT Pros | User experience | Other
Microsoft Security | Intune | Other
Microsoft Security | Microsoft Entra | Other

Accepted answer
  1. Marcin Policht 51,055 Reputation points MVP Volunteer Moderator
    2024-07-29T11:43:56.3466667+00:00

    Refer to https://www.petervanderwoude.nl/post/enhance-inventory-reporting-with-local-administrator-information/


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


1 additional answer

  1. ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff
    2024-07-30T02:29:36.89+00:00

    @crib bar, Thanks for posting in Q&A.

    From your description, I know you want to create a report via Intune to show which users and groups had local admin rights to all of your servers and workstations.

    Based on my research, there is no specific report available to get the information about users who have local admin rights on their devices via Intune. However, I found a link that describes methods of gathering local admin info via script, as a reference:

    https://www.systanddeploy.com/2021/12/intune-reporting-with-log-analytics.html

    Non-official, just for reference.

    Also, you can open a Premier case to see if you can get more help on this.

    https://learn.microsoft.com/en-us/mem/get-support

    Thanks for your understanding.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
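
Both answers point to collecting local admin information with a script that runs on each device. The following is an added example of such a per-device collection script; it is not taken from the thread or from the linked articles. It assumes it runs locally on every managed device (for example, deployed through Intune) and that gathering the output centrally is handled by whatever deploys it; the `Get-AdsiProperty` helper and the `Origin` labels are choices made for this example.

```powershell
# Added example: list the members of the local Administrators group on this device.
$ErrorActionPreference = 'Stop'

# Resolve the group by its well-known SID (S-1-5-32-544) so a localized name still works.
$adminSid  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
$groupName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# The WinNT ADSI provider also returns members whose SID cannot be resolved to a name.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$members = @($group.Invoke('Members'))

function Get-AdsiProperty($ComObject, [string]$Name) {
    # Members come back as raw COM objects, so read properties through reflection.
    $ComObject.GetType().InvokeMember($Name, 'GetProperty', $null, $ComObject, $null)
}

$report = foreach ($member in $members) {
    $sidBytes = [byte[]](Get-AdsiProperty $member 'objectSid')
    $sid      = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
    $path     = [string](Get-AdsiProperty $member 'ADsPath')

    # Heuristic classification (an assumption of this example; adjust to your environment).
    # Entra ID (Azure AD) principals carry SIDs that start with S-1-12-1-.
    $origin = if ($sid -like 'S-1-12-1-*') {
        'EntraID'
    } elseif ($path -like "*/$env:COMPUTERNAME/*") {
        'Local'
    } else {
        'DomainOrOther'
    }

    [pscustomobject]@{
        Device      = $env:COMPUTERNAME
        Member      = ($path -replace '^WinNT://', '') -replace '/', '\'
        Sid         = $sid
        ObjectClass = [string](Get-AdsiProperty $member 'Class')
        Origin      = $origin
    }
}

# One compact JSON document per device; use Export-Csv instead for a local CSV file.
@($report) | ConvertTo-Json -Compress
```

Entra ID members that the device cannot resolve to a name appear with their raw SID in the `Member` column, so the `Sid` value is the reliable key when correlating rows across devices.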
