Manage Local User Group Membership via Intune

From Notes_Wiki
Revision as of 07:39, 4 September 2025 by Ansil (talk | contribs)



Overview

Using Intune, administrators can manage local user group memberships on Windows devices. This allows adding Azure AD users or groups to local groups such as Administrators or Remote Desktop Users.

Prerequisites

  • Intune Administrator or Global Administrator role.
  • Devices enrolled in Intune.
  • Supported platform: Windows 10/11.

Steps

1. Sign in to the Microsoft Intune admin center

2. Navigate to Endpoint Security

  • Go to: Endpoint security > Account protection > Create policy.

3. Select Platform and Profile Type

  • Platform: Windows 10 and later
  • Profile type: Local user group membership

4. Configure Policy Settings

  • Choose local group to manage (e.g., Administrators).
  • Add members:
    • Azure AD users
    • Azure AD groups
    • Local accounts (if applicable)
  • Example: Add "IT Support Group" to local Administrators group.

5. Assign the Policy

  • Target specific Azure AD groups (e.g., IT Department Devices).

6. Review and Create

  • Verify configuration.
  • Click Create.

7. Monitor Deployment

  • Navigate: Endpoint security > Account protection > Select Policy > Device/User status.
  • Confirm devices/users received the updated group membership.
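A device-side check that complements the portal status view, as an added example (not part of the original wiki page): it compares the local Administrators membership against the principals the policy is expected to leave there and reports drift. The expected-member list and the group name "IT Support Group" are constructed placeholders taken from the example in step 4.

```powershell
# Added example: audit local Administrators membership on an enrolled device
# after the Intune "Local user group membership" policy has applied.
$GroupName = 'Administrators'

# Members the policy is expected to leave in the group (constructed placeholders;
# replace with the principals assigned in your policy). Azure AD principals show
# up as 'AzureAD\<name>' or, when the device cannot resolve the name, as a raw
# SID beginning with 'S-1-12-1-'.
$ExpectedMembers = @(
    'AzureAD\IT Support Group',
    "$env:COMPUTERNAME\Administrator"
)

try {
    # Preferred path: the LocalAccounts module returns structured objects.
    $actual = Get-LocalGroupMember -Group $GroupName -ErrorAction Stop |
              Select-Object -ExpandProperty Name
}
catch {
    # Get-LocalGroupMember can fail when the group holds an orphaned SID;
    # fall back to parsing 'net localgroup' output for the member names.
    $lines  = net localgroup $GroupName
    $start  = [array]::IndexOf($lines, ($lines | Where-Object { $_ -like '----*' }))
    $actual = $lines[($start + 1)..($lines.Count - 1)] |
              Where-Object { $_ -and $_ -notlike 'The command completed*' }
}

# Anything present but not expected is a privilege the policy did not grant;
# anything expected but absent means the policy has not applied yet.
$unexpected = @($actual          | Where-Object { $_ -notin $ExpectedMembers })
$missing    = @($ExpectedMembers | Where-Object { $_ -notin $actual })

[pscustomobject]@{
    Device     = $env:COMPUTERNAME
    Group      = $GroupName
    Unexpected = ($unexpected -join '; ')
    Missing    = ($missing    -join '; ')
    Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
} | Format-List
```

Run it in an elevated session on a device targeted by the policy; a non-empty Unexpected field is the signal that local admin rights exist outside what the policy enforces.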

Notes

  • Only specific groups are supported (e.g., Administrators, Remote Desktop Users).
  • Use to enforce least privilege and restrict local admin rights.
  • Common use case: granting IT helpdesk or support staff limited admin access.
