Device Administrator Role not populating on older devices.

ZachZ 1 Reputation point
2020-01-09T17:59:19.587+00:00

I have come across an issue with adding the device administrator role to our team. Any device that was joined before that role was added does not seem to elevate their permissions. Any device that was joined after they have been added works as intended. I have tried the following:

  • Having our end users sign out and back in.
  • Restarting the computer.
  • Re-syncing the device from the settings on the computer itself.
  • Re-syncing the computer from Intune.
  • Waiting for it to refresh on its own, which according to Microsoft should happen after 4 hours.

Is there something I am missing to cause the older machines to allow the device administrator role to function as a local admin account?

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2020-01-09T22:07:08.67+00:00

    What are you trying to do with the credentials? The role recently changed and the Device Administrator role is available for assignment only as an "additional local administrator" in Device Settings.

    https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles

    Note also that the privilege does not take effect immediately - only when either a user signs off or after four hours, when a Primary Refresh Token is issued. If you have a Premium license you can follow the guide to manually assign the role. https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

    If you'd like, you can send me an email at AzCommunity@microsoft.com to get a support case opened for this and further troubleshoot.
