I really like Office 365’s use of Azure Active Directory users to allow sign on to machines that are setup to be managed by an organization. For one thing, it just makes working with Office 365 a little bit easier; in many cases, you no longer have to re-enter the Office 365 password after you’ve signed in because the sign in credentials are used for application authentication as well (Outlook is a little different, but once you’ve saved the password for the user’s email account, you shouldn’t have to enter it again).
One thing that can be a bit of a headache, though, is setting up the local machine with the appropriate permissions. If you have a user you want to give administrative access to, the old way was to go into Computer Management and add the local user to the Administrators group.
The problem with AzureAD users is they don’t get added to the users list:
The easiest way I have found to give admin access is a simple script that can be run in Powershell, command prompt, the Run portal, etc:
net localgroup administrators AzureAD\UserName /add
Where “UserName” is the AzureAD user’s name (as displayed in the C:\Users folder). Make sure to run that in a prompt or Powershell terminal that has administrative rights, or you may get an access denied message.