O365 Help.... Making a user account not admin

[Conanius]

Hi Folks,

Client I'm working for at the moment is letting us get guest access to their O365 instance so we can collaborate with staff on teams etc.

They've asked contractors to ensure their machines are suitably configured (usual stuff like bitlocker/av/patch management/etc) but one that is causing me some grief is making sure my account is not an admin.

I've created a new o365 profile and set it up in o365 to be a user and not an admin, but on the Laptop its showing as an Administrator.

I've created a local admin account on the machine with the plan to go into 'users and groups' and remove the o365 from the admins group.... but its not there. I presume, because it isn't really a local account and its the o365 account.

I'm not sure what I should be searching for, but google isn't really helping me.

Ideal outcome i want is:

Use the o365 account, and then if I need to install software or something, just enter the credentials for the local admin.

Am I being an idiot?

 

[mrk]

I'm assuming the contractor machines are not connected to the company domain etc so won't be pulling down any group policies hence why they've asked for each machine to be up to date with security and stuff.

You can create a local admin account and just have that sidelined as an admin account for service tasks when installing software etc.

So the office 365 user account has been created and is fully working under office 365 portal yep? As in you can access Outlook online, OneDrive etc?

If so, then you can just sign into your machine using that account. On Windows 10 it's Settings > Accounts > Email & Accounts > Add Account.

From there you can sign in using the Office 365/Exchange option and input the account user/pass as prompted. It will log in using that online account. At the moment it sounds like both accounts (laptop and o365) are separate from each other, so naturally the laptop one is an admin one as that's how it's been set up. During the add online account process you should be prompted to choose the account type (admin etc) but this may have changed as it's been ages since I used non domain based sign in on Windows. That should get you on the right track though.

The license assigned to the 365 user account will also dictate what services/apps it has access to so will be worth making sure it's not a web/mobile apps only license assigned if things aren't working!

Edit*
Although not sure why the computer account needs to be non-admin if the machine isn't domain connected? Unless I've missed something.

 

[Django x2]

Yeah, they won't care if the machine user is a local admin or not.

Although you've got me with your view on guest access. That's not what you are describing. Guest access to use and collaborate on Teams does not require the machine to be AAD Joined or Hybrid Joined. It's purely user based. If you allow them to hybrid join your machine, they have the ability to remote wipe it, etc.

But, to summarise. Being a local admin has no effect on their Win10 policies. All that it cares about is W10 min version, bitlocker, etc.