This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 7.000000000000001%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM0%3C/text%3E%3C/svg%3E)
Is there any way to let an user install softwares on their machines, and their machines only? We have hybrid Azure AD joined devices and the users should be able to install any software without needing an authentification from an Admin. How is this possible?
@MP-0852 ,
,Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
The most common way to achieve this is to make the users local device admins.
Here's a how to for Azure AD:
https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
If this is not an option for you, then you might be able to control the required level of access for installing applications by using Intune configuration policies or else group policy through Active Directory.
I just want my users to be able to install programs on their computers, so it's not an option to make them device admins. Is there any way to give them JUST the hability to install what they want?
Hello @MP-0852 ,
Thanks for reaching out.
No, standard users require admin access to install software and it depends on the software architecture, because user can install software which only need access on user profile like Edge , Chrome browser exe which doesn't require Admin access to install setup. Similarly, for an example if application files going to install it on drive where standard user doesn't have access like Application need write permissions on .\Programfiles directory to store config files in such cases it require elevation as Admin account.
Alternatively, as an admin you can install software remotely or have central repository software management tools like SCCM or use third-party software to give Admin elevation just in time access.
Hope this helps.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 51%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
The real MS solution is to deploy Software Center which requires licenses - you'll need to research which you have and/or need. I see a lot of people asking about this on the Internet and no one at MS or an "expert" mention this. SC lets an admin create a curated list of software packages and grant installation permissions to user/groups/machines etc. There are also tools for creating your own packages or modifying standard packaged Windows software (msi) for your environment. If you are in an Active Directory domain/forest environment with a large and/or remote user base, this is your tool. Disclaimer: I have no financial or other interest in Microsoft or this software specifically.