2,597 questions
You have to use Autopilot.
- When you setup Autopilot, you have an option to make enrolling user a standard one.
Change account type Azure Ad join
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 92%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Vortal
1
Reputation point
Good morning to all,
I have this problem that i´m trying to solve it but after some intense reseacrh i can´t find a solution.
When i do Azure AD join with an account it always adds the user as a local administrator. My question is, how can i change this default configuration? and how can i change the account type to standard for a large number of users without doing one by one.
Thank you,
Microsoft Security | Microsoft Entra | Other
4 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 50%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Pa_D 1,071 Reputation points2021-03-08T21:24:21.767+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator2021-03-09T00:39:41.717+00:00 Hi @Vortal ,
Windows Autopilot should be the solution you are looking for. Reference: How to manage the local administrators group on Azure AD joined devices
Autopilot provides you with an option to prevent primary user performing the join from becoming a local administrator.
The other option is bulk enrollment, since an Azure AD join performed in the context of a bulk enrollment happens in the context of an auto-created user. Users signing in after a device has been joined are not added to the administrators group.
EDIT: I answered this before seeing that someone else had commented the same thing, since my browser did not refresh to show the comment. But the previous answer is right :)
-
Vortal 1 Reputation point
2021-03-09T12:23:23.37+00:00 Hi there,
Ok i have to create an auto pilot profile with my specifications, including enrolling the account as a standard one. But the problem is that i have already many devices joined on AzureAD as a local administrator and i want to change them to standard without the need of access the computer itself.
I checked the bulk enrollment option but it seems not doing what i need. Is there a way to do this, lets say via powershell command?
Thank you,
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 38%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGJ%3C/text%3E%3C/svg%3E)
Gurumoorthi J 0 Reputation points2023-04-06T05:22:55.0366667+00:00 How to Azure AD Join Administrator type change to standard type in Azure portal policy.....