Windows 365 is Microsoft’s Windows as a Service solution, basically running Windows 10 & 11 machines in the cloud which can be accessed from anywhere. Learn how to deploy Windows 365 Enterprise Cloud PC using Intune if you have not done so already.
The deployment of Windows 365 PCs to a group of users using Intune does not give them admin rights on their machine. You might come across scenarios where the end user requests admin access for their machine – it could be for development purposes, colleagues within the wider IT team etc.
Table of Contents
How to configure admin access for Windows 365 PC
Setting up admin access for a group of users on their Cloud PC is straightforward using User Settings in Intune. Follow the steps below to setup admin access.
Launch the Intune Portal and navigate to Devices -> Windows 365.
Click on User Settings tab (last one).
Click on the Add button to create a new user setting (to enable local admin rights in our case).
Give the setting a suitable name and check the Enable Local Admin box.
You can use the same setting to enable PC restores or create a different one just for that. I will leave those settings unchecked for the time being. Click the Next button.
Within the Assignments tab, select the group of users that needs admin access to their machine. Click the Next button.
Make sure that the settings are correct in the review tab and click the Create button to configure the user setting.
You will see the new setting straight away in the portal.
If a user is assigned to more than one user setting policy, user settings will honor the most recently created policy and ignore all others. The last time a policy was updated doesn’t affect this priority. To make sure user settings are consistent, avoid any policy targeting overlaps.
User Experience
Before the user setting was applied, Amith (our test user) did not have admin access to his Windows 365 Cloud PC.
After the settings are synchronized, opening Administrators group within Local Users & Groups displays Amith as a local administrator on the Cloud PC.
Adding the group to the user setting does NOT mean that the group will be given local admin rights on the Cloud PC. The admin access is only given to the user within the group and on his or her machine only.
Please let me know if you have any questions in the comments section.