@praneeth-0000
Collaborator

Rewrote the assessment logic as per new spec

  • Pass Scenario
image
  • Fail Scenario
image

Closes #678

@praneeth-0000 praneeth-0000 self-assigned this Dec 15, 2025
@praneeth-0000 praneeth-0000 added the enhancement New feature or request label Dec 15, 2025
@alexandair
Collaborator

@merill @ramical
If I understand the article in the Remediation action section correctly, it's recommended to use the Intune method and leave the tenant-wide role empty.

You can use Microsoft Entra groups to manage administrator privileges on Microsoft Entra joined devices with the Local Users and Groups mobile device management (MDM) policy. This policy allows you to assign individual users or Microsoft Entra groups to the local administrators group on a Microsoft Entra joined device, providing you with the granularity to configure distinct administrators for different groups of devices.
Organizations can use Intune to manage these policies using Custom OMA-URI Settings or Account protection policy.

The current test fails organizations that implemented this recommendation.

Collaborator

@alexandair alexandair left a comment

Left the comment for @merill and @ramical to confirm if the spec is correct.

Development

Successfully merging this pull request may close these issues.

Wrong Recommendation (Manage the local administrators on Microsoft Entra joined devices)