From Notes_Wiki

= Manage Local User Group Membership via Intune =


== Overview ==
Using Intune, administrators can manage local user group memberships on Windows devices. 
This allows adding Azure AD users or groups to local groups such as Administrators or Remote Desktop Users.
== Prerequisites ==
* Intune Administrator or Global Administrator role.
* Devices enrolled in Intune.
* Devices running a supported version of Windows 10 or Windows 11.
== Steps ==
=== 1. Sign in ===
* Open [https://endpoint.microsoft.com Microsoft Intune Admin Center].
* Sign in with administrator credentials.
=== 2. Navigate to Endpoint Security ===
* Go to: '''Endpoint security > Account protection > Create policy'''.
=== 3. Select Platform and Profile Type ===
* Platform: '''Windows 10 and later'''
* Profile type: '''Local user group membership'''
=== 4. Configure Policy Settings ===
* Choose the local group to manage (e.g., Administrators).
* Add members:
** Azure AD users
** Azure AD groups
** Local accounts (if applicable)
* Example: Add "IT Support Group" to local Administrators group.
=== 5. Assign the Policy ===
* Target specific Azure AD groups (e.g., IT Department Devices).
=== 6. Review and Create ===
* Verify configuration.
* Click '''Create'''.
=== 7. Monitor Deployment ===
* Navigate: '''Endpoint security > Account protection > Select Policy > Device/User status'''.
* Confirm devices/users received the updated group membership.
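
The portal status only reports that the policy was delivered. The check below is an added example, not part of the original page: it runs on a managed device and compares the local Administrators group with an allow-list of SID patterns. The function names are hypothetical and the <code>S-1-12-1-...</code> value is a constructed placeholder for the SID of the "IT Support Group"; add every other member you expect the policy to leave in place.

```powershell
# Added example (not from the original page). Allow-list entries are SID
# wildcard patterns; the S-1-12-1-... value is a constructed placeholder
# standing in for the SID of the Azure AD "IT Support Group".
$Allowed = @(
    'S-1-5-21-*-500',                                        # built-in local Administrator
    'S-1-12-1-1111111111-2222222222-3333333333-4444444444'   # placeholder: IT Support Group
)

function Get-LocalGroupMemberSid {
    param([string]$GroupName = 'Administrators')
    try {
        Get-LocalGroupMember -Group $GroupName -ErrorAction Stop |
            ForEach-Object { $_.SID.Value }
    } catch {
        # Fallback through the ADSI WinNT provider if the cmdlet throws,
        # for example when a member entry cannot be resolved to a name.
        $group = [ADSI]"WinNT://./$GroupName,group"
        foreach ($m in $group.Invoke('Members')) {
            $bytes = $m.GetType().InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
            (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        }
    }
}

function Compare-GroupToAllowList {
    param([string[]]$ActualSids, [string[]]$AllowedPatterns)
    $ActualSids = @($ActualSids | Where-Object { $_ })   # drop null/empty entries
    # Members present on the device that no allow-list pattern covers
    $unexpected = @($ActualSids | Where-Object {
        $sid = $_
        -not ($AllowedPatterns | Where-Object { $sid -like $_ })
    })
    # Allow-list entries that the policy should have added but are absent
    $missing = @($AllowedPatterns | Where-Object {
        $pattern = $_
        -not ($ActualSids | Where-Object { $_ -like $pattern })
    })
    [pscustomobject]@{
        Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
        Unexpected = $unexpected
        Missing    = $missing
    }
}

$result = Compare-GroupToAllowList -ActualSids (Get-LocalGroupMemberSid) -AllowedPatterns $Allowed
$result | Format-List
if (-not $result.Compliant) { exit 1 }   # non-zero exit code signals drift to the caller
```

Comparing SIDs rather than display names avoids false mismatches when an Azure AD member appears in the local group only as an unresolved SID.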
== Notes ==
* Only specific groups are supported (e.g., Administrators, Remote Desktop Users).
* Use this policy to enforce least privilege and restrict local admin rights.
* Common use case: granting IT helpdesk or support staff limited admin access.
Latest revision as of 07:39, 4 September 2025