How can we improve Azure Active Directory?

← Azure Active Directory

Utilize AAD Security Groups for Device "Additional Local Administrators" support

Emulating the Intune Roles method with Assignments, Members and Scopes would be ideal. Also the ability to disable Global Admin access (limit to groups/scopes added).

77 votes

Sign in

Your name

Your email address

(thinking…)

Password

Sign in with:

Forgot password?

Create a password

Signed in as (Sign out)

We’ll send you updates on this idea

Jeremy McLaughlin shared this idea · Oct 17, 2017 · Flag idea as inappropriate… · Admin →

under review ·

AdminAzure AD Team (Product Manager, Microsoft Azure) responded · Nov 13, 2018

Thanks for your feedback. This is currently under review, we will update the status when we finalize the schedule

—
Ravi

8 comments

Add a comment…

Sign in

Your name

Your email address

(thinking…)

Password

Sign in with:

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

Michael Mardahl commented · February 5, 2019 3:42 AM · Flag as inappropriate

Try this one on for size. It might just be good enough for now ...

https://www.iphase.dk/local-administrators-on-aad-joined-devices/
Michael Mardahl commented · January 22, 2019 10:35 PM · Flag as inappropriate

Here is some relevant information that some might have missed:
https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

and here: http://www.scconfigmgr.com/2018/08/30/configure-restricted-groups-with-intune-policy-csp/
Michael Mardahl commented · November 5, 2018 10:30 AM · Flag as inappropriate

If you want a user to be local admin on a machine, this can be accomplished through intune powershell extensions quite easily, even with checks agains an AAD group. Hit me up on twitter is this is something I should blog about, and please specify some scenario that I should target. @michael_mardahl
Anonymous commented · July 25, 2018 3:11 PM · Flag as inappropriate

Agreed, please resolve this issue
Anonymous commented · July 20, 2018 12:29 AM · Flag as inappropriate

Agree with Martin... please add the ability to specify which groups of devices the users have admin rights on. Giving the users admin rights on all AAD joined devices in the tenant is not viable for us.
Bill Gates commented · May 31, 2018 11:34 AM · Flag as inappropriate

yes, it is dumb to have to manually add each individual user to Azure local admins, let us use security groups please
Martin Wüthrich commented · April 27, 2018 1:42 AM · Flag as inappropriate

and thus there are huge organization, and they only want to have a reasonable amount of admin per device:
Please make the group assignment more finegrained, so that I can add only the Asia IT on the ASIA Devices. Maybe connect it with:
Administrative Units?
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-administrative-units-management
Mark Rusbridge commented · April 23, 2018 5:50 PM · Flag as inappropriate

Could we expand this to adding Azure AD groups to any local group on the device?

Azure Active Directory: Domain Join

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,544 ideas
- Additional Services 234 ideas
- Analytics Platform System 10 ideas
- API Apps 3 ideas
- API Management 389 ideas
- Application Insights 504 ideas
- Automation 408 ideas
- Azure Active Directory 2,938 ideas
- Azure Active Directory Application Requests 198 ideas
- Azure Advisor 12 ideas
- Azure Alert Management 59 ideas
- Azure Analysis Services 125 ideas
- Azure API for FHIR 0 ideas
- Azure App Configuration 2 ideas
- Azure Backup 369 ideas
- Azure Bot Service 52 ideas
- Azure Cloud Shell 245 ideas
- Azure Confidential Compute 1 idea
- Azure Container Instances 71 ideas
- Azure Container Registry 42 ideas
- Azure Cosmos DB 260 ideas
- Azure CycleCloud 0 ideas
- Azure Data Explorer 31 ideas
- Azure Database for MariaDB 9 ideas
- Azure Database for MySQL 52 ideas
- Azure Database for PostgreSQL 84 ideas
- Azure Database Migration Service 27 ideas
- Azure Databricks 44 ideas
- Azure DDoS Protection 6 ideas
- Azure Digital Twins 14 ideas
- Azure Event Grid 40 ideas
- Azure Functions 132 ideas
- Azure Governance 56 ideas
- Azure Government 67 ideas
- Azure IoT 224 ideas
- Azure IoT Central 54 ideas
- Azure IoT Device Catalog 8 ideas
- Azure IoT Edge 54 ideas
- Azure IoT Solution Accelerators 20 ideas
- Azure Key Vault 84 ideas
- Azure Kubernetes Service (AKS) 110 ideas
- Azure Management Groups 12 ideas
- Azure Maps 35 ideas
- Azure Marketplace 368 ideas
- Azure Media Services 242 ideas
- Azure Migrate 28 ideas
- Azure mobile app 194 ideas
- Azure Monitor 66 ideas
- Azure Pack 306 ideas
- Azure portal 1,800 ideas
- Azure Resource Manager 370 ideas
- Azure Search 210 ideas
- Azure Security Center 150 ideas
- Azure Sentinel 11 ideas
- Azure Service Health 12 ideas
- Azure SignalR Service 7 ideas
- Azure Spatial Anchors 9 ideas
- Azure Sphere 38 ideas
- Azure Stack 134 ideas
- Azure TCO Calculator 28 ideas
- Azure Time Series Insights 3 ideas
- Batch 36 ideas
- Batch AI 8 ideas
- Biztalk Services 23 ideas
- Blockchain 36 ideas
- Cache 44 ideas
- CDN 81 ideas
- Cloud Services (Web and Worker Role) 273 ideas
- Cost Management 159 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 0 ideas
- Data Catalog 108 ideas
- Data Factory 626 ideas
- Data Lake 331 ideas
- Data Science VM 18 ideas
- Diagnostics and Monitoring 179 ideas
- Event Hubs 14 ideas
- Global Infrastructure 32 ideas
- HDInsight 119 ideas
- Lab Services 220 ideas
- Log Analytics 851 ideas
- Logic Apps 1,182 ideas
- Machine Learning 438 ideas
- Mobile Engagement 19 ideas
- Networking 660 ideas
- Notification Hubs 43 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 101 ideas
- SDK and Tools 137 ideas
- Security and Compliance 74 ideas
- Service Bus 174 ideas
- Service Fabric 271 ideas
- Signup and Billing 1,206 ideas
- Site Recovery 208 ideas
- SQL Data Sync 66 ideas
- SQL Data Warehouse 230 ideas
- SQL Database 555 ideas
- SQL Managed Instance 60 ideas
- SQL Server 9,133 ideas
- Storage 649 ideas
- StorSimple 46 ideas
- Stream Analytics 220 ideas
- Support Feedback 246 ideas
- System Center Data Protection Manager 103 ideas
- Update Management 107 ideas
- Virtual Machines 1,361 ideas
- Web Apps 306 ideas
Microsoft Azure