Share via

Preventing user from having local admin access in Intune auto-enrollment

Nishith Konchady 55 Reputation points
2024-02-13T06:56:00.67+00:00

Is there a policy available in Intune that can prevent a user from receiving local admin access on their laptop during auto-enrollment? We have a client with auto-enrollment feature enabled for their tenant, but we'd like to set up their users with standard user access instead of local admin. Any suggestions or solutions would be appreciated. Thank you!

Microsoft Security | Intune | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 54,306 Reputation points Microsoft External Staff
    2024-02-13T08:20:19.5933333+00:00

    @Nisk, Thanks for posting in Q&A. To remove the local admin permission, you can create "Local user group membership" profile under Endpoint security > Account protection, choose Add (Replace) action to replace current membership of local administrators group or choose Remove (Update) action to remove users from local administrators group. Here is a link with more details:

    https://techcommunity.microsoft.com/t5/intune-customer-success/new-settings-available-to-configure-local-user-group-membership/ba-p/3093207

    Hope the above information can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.