Create Policy
Start by going to Microsoft Endpoint Manager
Once logged in goto Endpoint Security, Account Protection we can create a new policy.
Select Windows 10 or later, and then Local User Group Membership and click create.
Give it a name and then click Next
By Default this policy will try and add an Azure User/Group to the local admins group. Change User Selection Type dropdown to Manual for a local user account
Click on Select User(s)
For local users we can just enter the name of the local user account.
OK this and then click Next, and then Next again as we won’t be using Scope Tags in this example.
On the Assignments screen you can either select a group containing devices, Or click on Add All Devices
Final Comments
Once the policy has been in for a little while it will provide you with statistics (Success | Errors). These machines will need to be looked at seperatly but it’s likely the local account doesn’t exist.
