![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 75%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 61%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Hello Graham,
If the laptop is Azure AD-joined (rather than domain-joined or using a local account), then by default, only the user who joined the device to Azure AD is granted local administrator rights. Simply assigning admin rights to your business profile in Microsoft 365 doesn’t automatically replicate to the device unless explicitly configured.
Here are a few steps to help resolve this:
Check the device's join status: Go to Settings > Accounts > Access work or school and confirm whether it's Azure AD-joined or Hybrid AD-joined.
Add your account as a local admin: If you're managing via Endpoint Manager (Intune), you can push a policy that adds specific users or groups to the local administrators group.
Use the built-in Administrator account: If local profiles are allowed, you can enable the built-in Administrator account via command line (net user administrator /active:yes) and use it to install software.
Local account creation: If you're trying to create a local admin account manually and the option is missing, check whether the device is in S mode or has restrictions via group policy or Intune.
If this helps, feel free to hit “Accept Answer” so others can benefit too 😊