When joining a PC to AzureAD (for single sign on using the Office 365 account, for example) the FIRST user becomes a local administrator on the PC, thus allowing them to install Office apps and other software. Should you need to grant other Office 365 users "local admin" privileges, here's the command to do it:
Log onto the PC as someone WITH local admin rights
Right-click "PowerShell" and "Run As administrator"
Type the following command, replacing the email address with the Office 365 user's:
Add-LocalGroupMember -Group "Administrators" -Member "AzureAD\John.Doe@company-xyz.com"When you next log onto this PC as that user, they will have administrator privileges.
Here's the link to the official Microsoft article: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/add-localgroupmember?view=powershell-5.1