16 August 2019

Use a PowerShell Script as a Startup or Login Script and Bypass the Execution Policy

Use the following settings in the Login/Startup Script section of your GPO:

Script Name: %windir%\System32\WindowsPowerShell\v1.0\powershell.exe
Script Parameters: -Noninteractive -ExecutionPolicy Bypass -Noprofile -file MyPSScript.ps1 -psscriptparameter1 value -psscriptparameter2


-Noninteractive: Prevents an interactive window from trying to open at any time during script execution.
-ExecutionPolicy Bypass: Lets this single script run even when a more restrictive PowerShell execution policy is normally applied on the target computer.
-Noprofile: Ensures PowerShell does not execute profile scripts and instead launches the desired script immediately in an unaltered environment.
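
Added example, not from the original post: an execution policy set through Group Policy (the MachinePolicy and UserPolicy scopes) takes precedence over the Process scope that -ExecutionPolicy Bypass sets, so the switch has no effect on machines where such a policy applies. The function below resolves which scope wins from Get-ExecutionPolicy -List output; the function name, its output fields and the sample list are constructed for illustration.

```powershell
function Resolve-ExecutionPolicySource {
    param(
        # Objects with Scope and ExecutionPolicy properties,
        # as returned by Get-ExecutionPolicy -List.
        [Parameter(Mandatory)]
        [object[]]$PolicyList
    )

    # Precedence, highest first. Both Group Policy scopes outrank Process,
    # which is the scope the -ExecutionPolicy command-line parameter sets.
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'

    foreach ($scope in $precedence) {
        $entry = $PolicyList |
            Where-Object { [string]$_.Scope -eq $scope } |
            Select-Object -First 1
        if ($entry -and [string]$entry.ExecutionPolicy -ne 'Undefined') {
            return [pscustomobject]@{
                WinningScope       = $scope
                EffectivePolicy    = [string]$entry.ExecutionPolicy
                # False when a GPO-defined policy overrides the command line.
                CommandLineHonored = ($scope -notin @('MachinePolicy', 'UserPolicy'))
            }
        }
    }

    # Every scope is Undefined: the built-in default applies
    # (Restricted on Windows client editions).
    [pscustomobject]@{
        WinningScope       = 'Default'
        EffectivePolicy    = 'Default'
        CommandLineHonored = $true
    }
}

# Constructed sample: a GPO enforces AllSigned while the script was started
# with -ExecutionPolicy Bypass (visible as the Process scope).
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'AllSigned' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Bypass' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'RemoteSigned' }
)
Resolve-ExecutionPolicySource -PolicyList $sample

# The same check against the machine the script is running on.
Resolve-ExecutionPolicySource -PolicyList (Get-ExecutionPolicy -List)
```

For the constructed sample the winning scope is MachinePolicy with AllSigned, so an unsigned startup script would still be blocked despite the Bypass argument.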

16 January 2019

Manage the Local Administrators Group on Azure AD Joined Devices


  • If your tenant users are synchronized from on-premises Active Directory, use net localgroup administrators /add "Contoso\username".
  • If your tenant users are created in Azure AD, use net localgroup administrators /add "AzureAD\UserUpn".

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin