The rights of an Azure AD admin on a machine enrolled in organization

user3827608

12/15/22, 7:43 AM

The question is short, what can the Azure administrator (with active directory) do in my machine? Is the same answer for an OSX machine?

I work for a company that wants to make our computers fully managed. We work remotely and suddenly I have questions in terms of privacy. From what I understand the admin can run commands as root, so potentially do whatever he wants. Is it true ? If so I will just leave the company, I do not wish to work with a permanent eye on me

1 + 3

azure-active-directory

joeqwerty

12/15/22, 3:12 PM

Is the computer owned by the company? If so, then why do you care? You're only using the company computer for work related to your job, right?

user3827608

12/15/22, 8:29 PM

@joeqwerty I don't understand your answer, I ask what can do the administrator? The rest isn't your the subject. If you agree that your admin and boss can spy you at home ok, not me. And in more the law don't allow such spy/track in company, maybe in your country yes not in mine. If you can run command as admin they can just turn on microphone, check your cam, turn on the wifi every time etc etc. Your answer it's ok if you work for police army or it's a computer in one school and maybe why not inside the office of some comapnies, but at home no ... I'm sure almost everyone agree with me...

user3827608

12/15/22, 8:40 PM

@joeqwerty And in any case I already took my decision if they can spy I leave, I want just the answer to my question "The rights of an Azure AD admin on a machine enrolled in organization" to know if I leave or not

Score:0

Server

Noor Khaldi

12/16/22, 8:00 PM

On a Windows machine: the Global Admin is added to the machine local admins group, so they get all the powers of a local admin: https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin#how-it-works

On OSX: there is no such thing as Azure AD Joined for OSX: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/36020725-implement-the-ability-to-join-mac-os-x-to-azure-ad

0 + 2

user3827608

12/21/22, 4:26 PM

Thanks for your answer, apparently the admin will add himself to the local admins groups on OSX (I don't know how).

Noor Khaldi

12/22/22, 11:31 AM

Guess this can be done using Intune or JAMF, but not out of the box like Windows 10.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: The rights of an Azure AD admin on a machine enrolled in organization

TH: สิทธิ์ของผู้ดูแลระบบ Azure AD ในเครื่องที่ลงทะเบียนในองค์กร

RO: Drepturile unui administrator Azure AD pe o mașină înscrisă în organizație

RU: Права администратора Azure AD на компьютере, зарегистрированном в организации

VI: Quyền của quản trị viên Azure AD trên máy đã đăng ký trong tổ chức

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.