When you join a Windows 10 machine to Azure AD, the user account you use to join to the domain is automatically given local administrator permissions to the machine.

If you noodle around in the Azure management portal, there doesn’t seem to be an easy way to give additional users local administrator permissions on the same machine.

A client of mine is running some practice management software that, as it turns out, requires all users to have local administrator privileges. Yes, I know.

Fortunately there’s an easy to elevate a local user’s account to give them administrator permissions.

Launch a CMD shell with Administrator privileges and type in:

net localgroup Administrators AzureAD\UserName /add

where UserName is their first and last names as specified in Azure; e.g. mine would be KaiHowells