Configure non-global admin accounts, Configure non-global admin accounts on surface hub, Summary create azure ad security groups – Microsoft Surface Hub 2 SmCamera User Manual
Page 72
![background image](/files/873833/content/doc072.png)
Configure non-Global Admin accounts
on Surface Hub
Article • 04/19/2023 • Applies to: Surface Hub, Surface Hub 2S
The Windows 10 Team 2020 Update adds support for configuring non-Global Admin
accounts that limit permissions to management of the Settings app on Surface Hub
devices joined to an Azure AD domain. This enables you to scope admin permissions for
Surface Hub only and prevent potentially unwanted admin access across an entire Azure
AD domain.
Windows 10 T
now the recommended CSP to use;
is still supported, but has
been deprecated.
The process of creating non-Global Admin accounts involves the following steps:
1. In Microsoft Intune, create a Security group containing the admins designated to
manage Surface Hub.
2. Obtain Azure AD Group SID using PowerShell.
3. Create an XML file containing Azure AD Group SID.
4. Create a Security Group containing the Surface Hub devices that the non-Global
admins Security group will manage.
5. Create a custom Configuration profile targeting the security group that contains
your Surface Hub devices.
7
Note
Before you begin, make sure your Surface Hub is Azure AD-joined and Intune auto-
enrolled. If not, you will need to
again, choosing the option to join Azure AD. Only
are supported with the non-Global Admin
policy configuration.
Summary
Create Azure AD security groups