Add Administrator to Azure AD Premium

D

When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principles to the local administrators group on the device:

-> The Azure AD global administrator role

-> The Azure AD device administrator role

-> The user performing the Azure AD join

In the Azure portal, you can manage the device administrator role on the Devices page. To open the Devices page:

1. Sign in to your Azure portal as a global administrator or device administrator.

2. On the left navbar, click Azure Active Directory.

3. In the Manage section, click Devices.

4. On the Devices page, click Device settings.

5. To modify the device administrator role, configure Additional local administrators on Azure AD joined devices.

https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

To add a user as an administrator on all the computers that will be joined to the Azure AD domain, you should configure User settings from the Users blade in Azure AD.

Here are the steps you can follow:

1. Sign in to the Azure portal using your Azure account credentials.

2. In the left navigation pane, click on "Azure Active Directory".

3. Click on "Users" and select the user "admin1@contoso.com" from the list of users.

4. In the user's profile page, click on "Directory role".

5. In the "Directory role" blade, click on "Add role assignment".

6. In the "Add role assignment" blade, select "Global administrator" as the role.

7. In the "Select" field, choose "All" to assign the role to all devices.

8. Click on "Save" to complete the process.

This will add the user "admin1@contoso.com" as a Global administrator on all devices joined to the Azure AD domain. The Global administrator role provides full access to all administrative features in Azure AD, including managing user accounts, groups, applications, and devices.