get local administrators report of device joined to AAD

Question

Folks, all my windows 10 devices are Azure AD joined. There is no on-premises AD.

Is there way to pull members of local administrators group. For example users who is local administrator?

Answer 1

@Arif Usman , Based on my research, there's no such report now. We can request this feature in Intune uservoice or vote the thread which EswarKonet provided:
https://microsoftintune.uservoice.com/forums/291681-ideas

During my research, I find a link describe the methods of gathering local admin info via Powershell as a reference:
https://flow.microsoft.com/tr-tr/blog/advanced-flow-of-the-week-gathering-local-admin-satus-from-microsoft-intune/

Hope it can help.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

There is no built-in way to get the report using intune. You may have to explore using the log analytics or so but haven't tried it this method though.
For managing the local administrators, you can refer this blog post https://www.jeffgilb.com/managing-local-administrators-with-azure-ad-and-intune/

User voice https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/39906043-collect-informations-to-manage-w10-local-administr

Thanks,
Eswar

Answer 3

Hi Eswar, thanks for your reply...i had read and kind of implement to manager administrators through SID. but what i am looking for to get kind of report. i mean Intune is pulling discover apps and other information, shouldn't be hard to add this feature.
Log analytic would be over burden with over couple of thousands devices.

thanks

Answer 4

@Crystal-MSFT i did put in uservoice .

2nd i have implemented 'Gabriel Hollandsworth' solution (thanks for your link) and it is working great. so thanks for you and Gabriel.

thanks