Why is local admin access not being added/delivered to an Autopilot-enrolled device via Intune?

Vinod Survase 4,716 Reputation points
2023-08-09T08:42:37.02+00:00

We have a Windows device which is enrolled to Intune via an Autopilot profile, and when we provide local admin access to a user it's not delivered/showing up for the end user, as he has to perform some actions on the device to install/update some apps.

Here is the path I am following:

Intune admin -> Endpoint Security -> Account Protection -> Created a profile and added a security group where that particular user was added and also added that user in configuration settings as an administrator.


1 answer

  1. Fiona Matu 86 Reputation points Microsoft Employee
    2024-03-06T19:23:31.7933333+00:00

    Hi Vinod,

    There could be a few reasons why the local admin access is not being delivered to the autopilot enrolled device via Intune. Please try these possible solutions to see if they address the issue:

    1. Ensure that the profile is assigned to the device: Verify that the profile you created is assigned to the device that the user is using. You can check this by going to the device details in the Intune admin console.
    2. Verify that the user is part of the security group: Ensure that the user is part of the security group that you added to the profile. You can check this by going to the user details in the Intune admin console.
    3. Verify that the policy is being applied: Check if the policy is being applied to the device by going to the device details in the Intune admin console and verifying that the policy is listed under the device configuration profiles.
    4. Try updating the policy: Update the policy and see if the changes are applied to the device. You can do this by making a small change to the policy and then saving it.
    5. Check the device logs: Check the device logs to see if there are any errors related to the policy. You can access the device logs through the Intune admin console.
    6. Try using PowerShell to add the user as a local admin: You can use PowerShell to add the user as a local admin on the device.
    7. Try using a different method to add the user as a local admin: You can also try using a different method to add the user as a local admin, such as Group Policy or a script that runs at startup.
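A read-only check for steps 5 and 6 of the answer above, added here as an example and not taken from the thread: it converts the Entra object ID of the user or group named in the policy to its SID, tests whether that SID is in the device's local Administrators group, and lists recent MDM events for the LocalUsersAndGroups policy area. The object ID is a constructed placeholder, the function names are hypothetical, and it is an assumption that the Account protection profile is applied through the LocalUsersAndGroups policy area.

```powershell
# Added example: read-only, run in an elevated PowerShell session on the device.
param(
    # Constructed placeholder: object ID of the Entra ID user or group named in the policy.
    [guid]$EntraObjectId = '00000000-0000-0000-0000-000000000000'
)

function Convert-EntraObjectIdToSid {
    param([guid]$ObjectId)
    # Entra ID principals use SIDs of the form S-1-12-1-a-b-c-d, where a..d are
    # the object ID's 16 bytes read as four little-endian UInt32 values.
    $parts = New-Object 'UInt32[]' 4
    [Buffer]::BlockCopy($ObjectId.ToByteArray(), 0, $parts, 0, 16)
    'S-1-12-1-' + ($parts -join '-')
}

function Get-LocalAdministratorSid {
    # Resolve the group by its well-known SID so the name is right on any OS language.
    $sid  = [Security.Principal.SecurityIdentifier]'S-1-5-32-544'
    $name = $sid.Translate([Security.Principal.NTAccount]).Value.Split('\')[-1]
    foreach ($m in ([ADSI]"WinNT://./$name,group").Invoke('Members')) {
        # Read each member's SID directly; names of cloud principals may not resolve locally.
        $bytes = $m.GetType().InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
        (New-Object Security.Principal.SecurityIdentifier($bytes, 0)).Value
    }
}

$expected = Convert-EntraObjectIdToSid -ObjectId $EntraObjectId
$members  = @(Get-LocalAdministratorSid)

# Summary: is the principal from the policy actually in the local group?
[pscustomobject]@{
    ExpectedSid      = $expected
    InAdministrators = $members -contains $expected
    CurrentMembers   = $members
}

# Recent MDM diagnostic events that mention the LocalUsersAndGroups policy area.
Get-WinEvent -LogName 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin' -MaxEvents 500 |
    Where-Object { $_.Message -match 'LocalUsersAndGroups' } |
    Select-Object -First 10 TimeCreated, Id, LevelDisplayName, Message
```

If `InAdministrators` is true but the user still lacks admin rights, have the user sign out and back in, since group membership is evaluated when the logon token is created.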