Test result →
Failed
Local administrators on Microsoft Entra joined devices are not managed by the organization.

Global administrator role is added as local administrator on the device during Microsoft Entra join?

No → ❌

Do you really want us to enable so all Global administrators are local admins on all devices?
Global administrator role is added as local administrator on the device during Microsoft Entra join (Preview)
The setting above should be NO and not YES for better security.

Then you use a setup like,
PIM to activate the role Microsoft Entra Joined Device Local Administrator

Is this not the most secure way of going about this?