Manage user account

Manage user account

Manage user account

Account protection allows you to protect user identities and accounts. It is also possible to manage group membership built into the device. With Account Protection, you can configure Account protection or Local user group membership

Prerequisites

This feature requires Windows 10 or Windows 11 workstations.

Account Protection

This feature permit to secure the user’s identification information. He is focused on settings for Windows Hello and Credential Guard.

  • Windows Hello for Business : Permit to replace passwords by two-factor authentification on PCs and mobile devices.
  • Credential Guard : Protect credentials and secrets tused on the devices.

Local user group membership

With this feature, it’s possible to add, remove, or replace members on the built-in local groups device’s. You can for example create policy for edit local Administrators groups and lock it down the members added..

Create policy

I want to add my Azure AD administrator to the local administrator groups on my workstations.

From the Intune portal, click on Endpoint security then on Account protection. Click on Create Policy for create new policy.

Manage user account - Create new policy

Select Windows 10 and later on the Platform drop-down list and Local user group membership on Profile drop-down list. Click on Create for create the policy.

Manage user account select profile type

Enter the name of the profile and click on Next.

Enter the name of the policy

I want to add user so I choose Users on Local group.

Select Users on Local group list

The Update action adds the user or group of users without modifying the group. The Replace action allows you to replace the entire group with the configuration made in Intune.

Select the desired action for add user

You can add users/groups present in the Azure AD or add account manually. Select Users/Groups and click on Select users/groups.

Select user and groups that you want

Select the desired user and click on Next. Configure the assignment . I choose to assign the policy on all devices.

Assign policy to group

Click on Create for create the policy. The policy is been applied and account has added on administrators groups.

Account has added

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.