question

usarif avatar image
0 Votes"
usarif asked Crystal-MSFT commented

get local administrators report of device joined to AAD

Folks, all my windows 10 devices are Azure AD joined. There is no on-premises AD.

Is there way to pull members of local administrators group. For example users who is local administrator?

mem-intune-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered

@usarif, Based on my research, there's no such report now. We can request this feature in Intune uservoice or vote the thread which EswarKonet provided:
https://microsoftintune.uservoice.com/forums/291681-ideas

During my research, I find a link describe the methods of gathering local admin info via Powershell as a reference:
https://flow.microsoft.com/tr-tr/blog/advanced-flow-of-the-week-gathering-local-admin-satus-from-microsoft-intune/

Hope it can help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

usarif avatar image
0 Votes"
usarif answered Crystal-MSFT commented

@Crystal-MSFT i did put in uservoice .

2nd i have implemented 'Gabriel Hollandsworth' solution (thanks for your link) and it is working great. so thanks for you and Gabriel.

thanks

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@usarif,, Thanks for the reply. I am glad the information can help. If there's anything we can help in the future, feel free to post in our Q&A to discuss together.

Have a nice day!

0 Votes 0 ·
usarif avatar image
0 Votes"
usarif answered

Hi Eswar, thanks for your reply...i had read and kind of implement to manager administrators through SID. but what i am looking for to get kind of report. i mean Intune is pulling discover apps and other information, shouldn't be hard to add this feature.
Log analytic would be over burden with over couple of thousands devices.

thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EswarKoneti-MVP avatar image
0 Votes"
EswarKoneti-MVP answered

There is no built-in way to get the report using intune. You may have to explore using the log analytics or so but haven't tried it this method though.
For managing the local administrators, you can refer this blog post https://www.jeffgilb.com/managing-local-administrators-with-azure-ad-and-intune/

User voice https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/39906043-collect-informations-to-manage-w10-local-administr

Thanks,
Eswar

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.