In this post, I will show you how to enable Cloud PC local admin access to a user in Windows 365. Using the User settings, you can make a user a local admin in their Cloud PC.
In Windows 365, the User settings page lets IT administrators manage various settings for the user. The best example of user settings is restoring the cloud PC to a previous state.
When you create a new user settings policy in Windows 365, you can assign local admin access for a user on their cloud PC. The local administrator access gives a Cloud PC user full control over the Windows settings.
If you have created a Cloud PC for a user in Windows 365 without enabling local admin access, the user will not have administrator access on the Cloud PC. The below screenshot shows an example where a Cloud PC user doesn’t have local administrator access.
Should you grant Local Admin Access for a user on Cloud PC?
In Windows 365, a Cloud PC user may require administrator access to perform administrative tasks. The question is: Should you grant the user administrator access on Cloud PC? Well, it depends on the requirement, and you truly need to trust your users for this approach to work. The users need to be very savvy and educated with regard to information security and best practices.
Prerequisites for Cloud PC Administrator Access
When you want to make a user a local admin in their Cloud PC, a few things are important.
- The admin access privileges can be applied before or after a Cloud PC is assigned.
- Local administrator permissions apply at the user level.
- The user will have local administrator permissions on all Cloud PCs assigned to them.
- Changes to the settings take effect when the user logs on. If the user is currently logged on, they must sign out and then sign in again to see the change.
User Settings is the easiest method that you can use to provide cloud PC local admin access to a user in Windows 365.
How to Enable Cloud PC Local Admin Access to User
Let’s see how to enable local admin access to a user on the Cloud PC in Windows 365:
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Device > Provisioning > Windows 365 > User Settings.
- Click Add to create a new user settings to enable local admin access on Cloud PC.
As discussed earlier, you can create a new user setting and allow the local admin access to a user on Cloud PC. On Add user setting page, specify the name of the setting as Enable Local Admin. Set the option “Enable Local Admin” to on. Click Next.
Under Assignments, choose Select Groups. You need to be careful while choosing the groups here. The settings that enable local admin access for Cloud PC users will apply to the user groups that you select. To add the user group, click Add groups and select a user group. Click Next.
On the Review+Create page, review all the settings that you have configured so far to enable the local admin access for Cloud PC users. Click Create to begin the creation of user setting.
You should shortly see a notification that the user setting has been created. The Cloud PC users will get the user settings shortly.
The User settings take effect when the user logs on. If the user is currently logged on, they must sign out and then sign in again to see the change. After a few minutes, we see the Cloud PC user is now granted the local admin access on the machine.
Note: If a user is assigned to more than one user setting policy, user settings will honor the most-recently created policy and ignore all others.
‘As per Microsoft, “User Settings” is the only method that you can use to provide cloud PC local admin access to a user in Windows 365.’
Is this true? I can’t find this within Microsoft’s documentation. Microsoft does state that local admin is currently the option within ‘user settings’, but that doesn’t equate to the same as the initial statement.
I hadn’t thought about this while writing. Indeed, there is another method that can be used.