Windows AzureAD LocalAdmin

Grant Local Admin Access on a Single Azure AD Managed Device

In some cases, you may want to give a user local administrator access on a specific Azure AD managed device, rather than granting them access to all devices. Although Administrative Units might provide a solution, it can be challenging to set up quickly. Here's a simple workaround to achieve this using the Command Prompt.

1. Log in as the `Administrator` on the device.
2. Open the Command Prompt.
3. Execute the following command:

net localgroup Administrators /add AzureAd\[email protected]

Replace [email protected] with the email address of the user you want to grant local administrator access to.

After running the command, the user should have local administrator access to the specific device. This quick fix may be helpful for those looking to grant limited admin privileges on a per-device basis.