Applying Configuration profiles to a local user

Sebastian Urena Nembhard 1 Reputation point
2022-12-02T19:30:44.497+00:00

We have enrolled a device in Microsoft Endpoint Manager admin center, have assigned a custom app to it successfully, and have assigned a Configuration Profile to it. The Configuration Profile was only partially successful. We need the settings in the Configuration Profile to only apply to the local non-admin account on the device and not to the local admin account on the device, but the Configuration Profile only sets the local admin account’s settings on the device and not the local non-admin account’s settings. Is this possible on Intune? And if so how do we go about doing it?
Thanks


1 answer

  1. Akshay-MSFT 17,901 Reputation points Microsoft Employee
    2022-12-05T09:09:17.35+00:00

    Hello @Sebastian Urena Nembhard ,

    Thank you for posting your query on Microsoft Q&A. Intune policies recognize only Azure AD security groups. As a result, exclusion or inclusion via assignment is possible for them. However, it won't be possible to apply a policy specific to a specific non-admin local group.

    As a workaround, I would suggest promoting 1 AAD user as local admin on all AAD joined machines and exclude it from the policy.

    Please do let me know if you have any further queries in the comments section.

    Thanks,
    Akshay Kaushik

    Please "Accept the answer", "Upvote" and rate your experience if the suggestion works as per your business need. This will help us and others in the community as well.

    1 person found this answer helpful.
