Let’s discuss How to Fix Conflict Status in Local user Group Membership Policy using Intune. Microsoft Intune users face an issue on local user group membership Policy. A status conflict occurred on after 2 local having user group membership Policy.
As you know that, As you know that, Local User Group Membership Policy in Intune This policy allows IT administrators to manage the membership of built-in local groups on Windows 10 and 11 devices using Microsoft Intune.
On the Intune Policy Report shows a conflict between having two “Local User Group Membership” policies despite having different configurations. There are many reasons behind this issue and users face after effects due to this issue.
In this blog post I would like to share How to Fix Conflict Status in Local user Group Membership Policy using Intune. Also I will share reasons, after effects of Conflict Status in Local user Group Membership Policy. If you are facing this issue, this blog post will help you.
Table of Contents
If it is not Possible to have Two “Local User Group Membership” Policies Applying to the PC?
The answer is no. under current Intune behavior, applying multiple “Local User Group Membership” policies to the same PC will trigger a conflict status, even if the policies address different local groups (like Administrators vs Remote Desktop Users).
How to Fix Conflict Status in Local user Group Membership Policy using Intune
As mentioned above, 2 Local user group membership Policy applied on a PC. Both policies, though addressing separate local groups (e.g., Administrators and Remote Desktop Users), are targeted to the same device, which triggers a conflict.
The main reason of this conflict is that, Intune’s current configuration management engine lacks granularity to independently evaluate each policy’s local group assignment. The following table shows the 2 Local user Group Membership Policy.
| Local user Group Membership Policy |
|---|
| Global Policy |
| More specific to a certain group |
- Best Guide to Create a Local User with Intune Remediation Script
- Create Local Admin Account on MacOS using Intune
- Best Guide to Deploy New Intune Company Portal App on Windows using Intune
Due to this issue, the Admin is raised many questions likes why does Intune mark these two policies as a conflict of each other? Is there a way to have a global policy for admin users on the PC and one more private policy for remote user access using “Local User Group Membership”?
Read More – Manage Local Admins using Intune Local User Group Membership Management Policy
Suggested Workarounds
To resolve this issue, you can follow some methods. You can try each methods and i hope these workaround will resolve the issue. The following are the Workarounds.
- Combine access requirements in a single policy and manage inclusion through Azure AD groups (or Entra groups).
- Use “Update” for Administrators and “Replace” for Remote Desktop Users in the same policy if combining is feasible.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.