MSAutomate

Endpoint Local Administrator

Endpoint Local Administrator is a Power Platform solution that allows you to add and remove users as local administrators on an Intune device from a Power App.

I originally built a similar solution like this but in ServiceNow. When I built that, users could submit a request for local administrator via a ServiceNow Catalog Request. Once their manager approved it, Power Automate would automatically grant them local administrator on their Intune device either permanent or temporary using the same method this uses.

With this solution, there is no more need to assign the Azure AD joined device local administrator role or manually remoting into a user’s machine and granting them local administrator.

Overview

Features

  • Add a user as a permanent local administrator
  • Add a user as a temporary local administrator
  • Remove a user from local administrator
  • Supports Hybrid and AzureAD Joined Devices

Search for a Device

To manage a local administrator on a device, select Manage Device on the dashboard, then enter the name of a device.

Device Search

View Device Information

After searching for a device, you can view information such as specific local administrator jobs that have run on that device, along with the primary user. This is also where you create your assignment.

Device Information

Create Permanent Assignment

When you search for a device, the default configuration toggles will be set to a permanent assignment as shown below.

Create Permanent Assignment

The app pulls in the primary user of the device, assuming that is who you’d want to add. If not, you can turn off the toggle and search for another user in Office 365.

Select a different user

Create Temporary Assignment

You can create a temporary assignment by turning off the permanent assignment toggle. This will allow you to select a date on which the local administrator rights should be removed.

Create Temporary Assignment

View Job Status

Once a job has been submitted, you can view the status and see where it’s at in its life cycle.

Temporary Assignment Job

Settings

You can modify notification settings for Microsoft Teams and Microsoft outlook here. You can enable or disable notifications, and modify the user’s who will receive them.

Notifications

Whenever a job is completed, admin gets granted, removed, or fails, you can receive adaptive card notifications in Teams and Outlook.

Teams Notification

Licensing

In order for the solution to function, you will need the following licenses:

  • For Power Automate:
    • Power Automate per User
      • The user that imports the solution into an environment would need this license. Or, you can change the ownership of the flows to a user with the license once it’s imported.
    • Power Automate per Flow
      • This solution contains 8 Cloud Flows
  • For Power Apps:
    • Power Apps per User
    • Power Apps Pay-As-You-Go
    • Power App App Passes

Download

The solution can be downloaded from GitHub. Please view the README file for instructions on what needs to be done to successfully import the solution. It should only take you 10-15 minutes.

If you have any issues or suggestions, let me know!


Jordan Bardwell

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular

Most discussed