Apparently when joining a new machine to AAD, the account that does the join will be granted local admin right. That doesn’t seem ideal if we use end user accounts to do so.
And in the same time it’s a shame to have the device registered to some random IT accounts instead of the real user.
If you are using Azure AD join, how do you go around that?
To be clear, I’m talking about registering company owned / managed devices, not BYOD scenario.
Any experience with Microsoft Auto Pilot? Is it similar?