AADJ device breaks profiles if user is removed from "local admin" role

Danny Hald Lorenzen 0 Reputation points
2023-05-16T15:09:48.1466667+00:00

Hi,

We have been experiencing a very strange behavior on some of out desktops.
They are all Azure AD Joined, managed by Itune and AD users can log in without issues.

But due to new restrictions, no user should be local admin on the joined devices.
When role is removed from the user in AAD it's not removed on the device configuration and in some cases the profile crashes and needs to be recreated on the device.
Nothing shows up in event.
Any idea is welcome.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
715 questions
{count} votes