How to add an Azure AD User as an administrator

Steps

Click Start, type "cmd", right-click the result and select "Run as administrator".
  • If your tenant users are created in Azure AD, use net localgroup administrators /add "AzureAD\UserUpn"
  • UserUpn is the user's e-mail address.

How it works

When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principals to the local administrators group on the device:

  • The Azure AD global administrator role
  • The Azure AD joined device local administrator role
  • The user performing the Azure AD join

By adding Azure AD roles to the local administrators group, you can update the users that can manage a device anytime in Azure AD without modifying anything on the device. Azure AD also adds the Azure AD joined device local administrator role to the local administrators group to support the principle of least privilege (PoLP). In addition to the global administrators, you can also enable users that have been only assigned the device administrator role to manage a device.


Manually elevate a user on a device

In addition to using the Azure AD join process, you can also manually elevate a regular user to become a local administrator on one specific device. This step requires you to already be a member of the local administrators group.

Starting with the Windows 10 1709 release, you can perform this task from Settings -> Accounts -> Other users. Select Add a work or school user, enter the user's UPN under User account, and select Administrator under Account type.

You can also add users using the command prompt:

  • If your tenant users are synchronized from on-premises Active Directory, use net localgroup administrators /add "Contoso\username".
  • If your tenant users are created in Azure AD, use net localgroup administrators /add "AzureAD\UserUpn". This is the preferred method, where UserUpn is the user's e-mail address.
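The command-prompt method above, wrapped in pre-checks and a before/after membership review, as an added PowerShell example that is not part of the original article. The function names Get-LocalAdminMembers and Add-AadLocalAdmin are hypothetical, and the parsing assumes English-language net.exe output.

```powershell
# Added example (not from the original article). Helper names are hypothetical.
function Get-LocalAdminMembers {
    # Parse "net localgroup administrators". Assumes English-language output,
    # where members sit between the dashed line and the completion message.
    $inList = $false
    foreach ($line in (net localgroup administrators)) {
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if ($line -match '^The command completed') { break }
        if ($inList -and $line.Trim()) { $line.Trim() }
    }
}

function Add-AadLocalAdmin {
    param([Parameter(Mandatory)][string]$UserUpn)

    # The article requires the caller to already be a local administrator.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated session (Run as administrator).'
    }

    # Accept only something shaped like a UPN before it reaches net.exe.
    if ($UserUpn -notmatch '^[^@\s\\"]+@[^@\s\\"]+\.[^@\s\\"]+$') {
        throw "'$UserUpn' does not look like a UPN (user@domain)."
    }

    # AzureAD\ names only resolve on a device that is joined to Azure AD.
    if (-not ((dsregcmd /status) -match 'AzureAdJoined\s*:\s*YES')) {
        throw 'This device is not Azure AD joined.'
    }

    $before = @(Get-LocalAdminMembers)
    net localgroup administrators /add "AzureAD\$UserUpn"
    if ($LASTEXITCODE -ne 0) {
        # Also reached when the account is already a member of the group.
        throw "net localgroup failed with exit code $LASTEXITCODE."
    }

    # Show what actually changed so the elevation can be reviewed and recorded.
    $after = @(Get-LocalAdminMembers)
    Compare-Object -ReferenceObject $before -DifferenceObject $after
}

# Constructed sample UPN; replace with the real user's UPN.
# Add-AadLocalAdmin -UserUpn 'jane.doe@contoso.example'
```

Running Get-LocalAdminMembers on its own gives the current membership of the local administrators group, which is useful for periodically reviewing manual elevations on a device.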



