You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/protect/endpoint-security-account-protection-policy.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,7 +38,10 @@ View [settings for account protection profiles](../protect/endpoint-security-asr
38
38
39
39
## Prerequisites for Account protection profiles
40
40
41
-
Devices must run Windows 10 or Windows 11.
41
+
Devices must run:
42
+
43
+
- Windows 10 20H2 or later
44
+
- Windows 11
42
45
43
46
## Account protection profiles
44
47
@@ -65,7 +68,7 @@ Use the Local user group membership (preview) profile to manage the users that a
65
68
66
69
### Configure the profile
67
70
68
-
This profile manages the local group membership on devices through [Policy CSP - LocalUsersAndGroups](/windows/client-management/mdm/policy-csp-localusersandgroups?WT.mc_id=Portal-fx).
71
+
This profile manages the local group membership on devices through [Policy CSP - LocalUsersAndGroups](/windows/client-management/mdm/policy-csp-localusersandgroups?WT.mc_id=Portal-fx). The CSP documentation includes additional details on how configurations apply, and an FAQ about the use of the CSP.
69
72
70
73
When configuring this profile, on the *Configuration settings* page you can create multiple rules to manage which built-in local groups you want to change, the group action to take, and the method to select the users.
71
74
@@ -78,15 +81,15 @@ The following are the configurations you can make:
78
81
-**Group and user action**: Configure the action to apply to the selected groups. This action will apply to the users you select for this same action and grouping of local accounts. Actions you can choose include:
79
82
-**Add (Update)**: Adds members to the selected groups. The group membership for users that aren’t specified by the policy are not changed.
80
83
-**Remove (Update)**: Remove members from the selected groups. The group membership for users that aren’t specified by the policy are not changed.
81
-
-**Add (Replace)**: Replace the members of the selected groups with the new members you specify for this action. This option works in the same way as a Restricted Group and any group members that are not specified in the policy are removed.
84
+
-**Add (Replace)**: Replace the members of the selected groups with the new members you specify for this action. This option works in the same way as a Restricted Group and any group members that are not specified in the policy are removed.
82
85
83
86
> [!CAUTION]
84
-
> If the same group is configured with both a Replace and Update action, the Replace action wins. This is not considered a conflict.
85
-
87
+
> If the same group is configured with both a Replace and Update action, the Replace action wins. This is not considered a conflict. Such a configuration can occur when you deploy multiple policies to the same device, or when this CSP is also configured by use of Microsoft Graph.
88
+
86
89
-**User selection type**: Choose how to select users. Options include:
87
90
88
91
-**Users**: Select the users and user groups from your Azure Active Directory (Azure AD).
89
-
-**Manual**: Specify Azure AD users and groups manually, by username, domain/username, or their security identifier (SID).
92
+
-**Manual**: Specify Azure AD users and groups manually, by username, domain/username, or the groups security identifier (SID).
90
93
91
94
-**Selected user(s)**: Depending on your selection for *User selection type*, you’ll use one of the following options:
0 commit comments