I'm looking for a way to check the logged-in user's AzureAD groups and, if applicable, add the user to the local Administrators group.


So the environment is all Windows 10 laptops, all managed by Intune MDM; logins are managed by AzureAD.


This needs to run at every logon to see if it is a new user that needs to be added.


I'm thinking I'm going to have to deploy an .exe through Intune that uses Task Scheduler (so that the script runs as admin) to run a PowerShell script that adds the logged-in user to the admin group.


Azure AD offers to add specific users as admins or the owner of the device but not a group.
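As an added example (not code from the original post), this is the script the scheduled task could run: instead of checking each user's group membership at logon, it grants local admin to the Azure AD group itself by deriving the group's SID from its object ID and adding that SID to the local Administrators group, which Windows resolves against the user's Azure AD group claims at logon. It assumes an Azure AD-joined device, an elevated (SYSTEM) context, and a placeholder group object ID that you replace with your own.

```powershell
# Added example, not from the original post. Grants local admin to an Azure AD
# group on an Azure AD-joined Windows 10 device. Run elevated (e.g. as SYSTEM
# from an Intune-deployed scheduled task). Idempotent, so it is safe at every logon.
# The object ID below is a constructed PLACEHOLDER; replace it with your group's ID.
$GroupObjectId = '00000000-0000-0000-0000-000000000000'

function ConvertTo-AzureAdSid {
    param([Parameter(Mandatory)][string]$ObjectId)
    # Azure AD principals carry SIDs of the form S-1-12-1-<a>-<b>-<c>-<d>, where
    # a..d are the four little-endian UInt32 values of the object ID's 16 GUID bytes.
    $bytes = [Guid]::Parse($ObjectId).ToByteArray()
    $parts = 0, 4, 8, 12 | ForEach-Object { [BitConverter]::ToUInt32($bytes, $_) }
    return 'S-1-12-1-' + ($parts -join '-')
}

function Add-AzureAdGroupToLocalAdmins {
    param([Parameter(Mandatory)][string]$ObjectId)
    $sid = ConvertTo-AzureAdSid -ObjectId $ObjectId

    # Resolve Administrators by its well-known SID so the script is locale independent.
    $admins = Get-LocalGroup -SID 'S-1-5-32-544'

    # Only add when missing; the group may already be present from an earlier run.
    $already = Get-LocalGroupMember -Group $admins | Where-Object { $_.SID.Value -eq $sid }
    if ($already) {
        Write-Output "Azure AD group SID $sid is already in $($admins.Name); nothing to do."
        return $false
    }

    Add-LocalGroupMember -Group $admins -Member $sid
    Write-Output "Added Azure AD group $ObjectId ($sid) to $($admins.Name)."
    return $true
}

Add-AzureAdGroupToLocalAdmins -ObjectId $GroupObjectId
```

Because only the one group SID is added, the set of local admins is controlled entirely by Azure AD group membership, and removing a user from the group revokes the right at their next logon without touching the device.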