
This Microsoft Intune article will show you how to assign local admins to Windows 11 machines through Intune.

Microsoft Intune is the world’s most popular mobile device management (MDM) solution for cross-platform devices (iOS, Android, and Windows). It allows organisations to manage their device fleet seamlessly and at scale.

Over the years, Intune’s MDM capabilities have grown, and they will soon match those of Group Policy in Active Directory environments.

One of the challenging tasks on Entra ID-joined machines that are not enrolled through Autopilot is adding local admins to managed devices.

Using Microsoft Intune account management capabilities, we can add, remove, and modify admin users on managed devices using a single policy without a PowerShell script.

Assigning Local Admins to Windows 11 through Intune

To assign local admins to your Microsoft Intune fleet, ensure you have Global Admin permissions to the Microsoft Intune portal.

From the Microsoft Intune management portal, click on Endpoint Security.

From the Endpoint Security section, click on Account Protection.

Create a new policy and use the Local user group membership profile option.

On the configuration page, select Administrators and set the operation type.

Save and assign the policy to computers and wait for it to deploy. To deploy the policy quickly, set the Intune policy update to 30 minutes.
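
To confirm the policy has landed on a device, the check below lists the local Administrators group and flags any member that is not on an allow-list. It is an added example, not part of the original article; the allow-list entries (including `helpdesk@contoso.example`) are constructed sample values and the function name is hypothetical.

```powershell
# Added example, not from the original article. Run on the managed device
# after the policy has synced.
# Allow-list of full account names or SIDs (constructed sample values).
$Expected = @(
    "$env:COMPUTERNAME\Administrator",
    'AzureAD\helpdesk@contoso.example'
)

function Get-LocalAdministratorsMember {
    # Find the group by its well-known SID (S-1-5-32-544) so the lookup also
    # works on non-English Windows, where the group name is localized.
    $groupSid  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
    $groupName = $groupSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group     = [ADSI]"WinNT://./$groupName,group"

    foreach ($member in $group.psbase.Invoke('Members')) {
        $bytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
        $sid   = [System.Security.Principal.SecurityIdentifier]::new([byte[]]$bytes, 0)
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $null }  # SID has no resolvable name on this device
        [pscustomobject]@{ Name = $name; Sid = $sid.Value }
    }
}

# Mark each member as expected when its name or SID is on the allow-list.
$report = foreach ($m in Get-LocalAdministratorsMember) {
    $ok = ($Expected -contains $m.Name) -or ($Expected -contains $m.Sid)
    [pscustomobject]@{ Name = $m.Name; Sid = $m.Sid; Expected = $ok }
}
$report | Format-Table -AutoSize

# A non-zero exit code signals drift from the allow-list.
$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) member(s) of the local Administrators group are not on the allow-list."
    exit 1
}
```

Members shown without a name and with a SID starting `S-1-12-1-` are Entra ID principals; add their SIDs to the allow-list if they are expected.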
