Forum Discussion

Antony1108's avatar
Antony1108
Copper Contributor
May 01, 2024

Conflict status after having 2 Local user group membership Policy

Hello,  I have an issue with applying two "Local User Group Membership" policies on a PC. The Intune policy report shows a conflict between having two  "Local User Group Membership" policies despite...
Conditional Access
Intune
RobinWulz's avatar
RobinWulz
Copper Contributor
Jun 12, 2024

NicklasOlsen 

Well, the caution box is about a combination of replace and update rules which, according to the box, are not considered a conflict. The second sentence just explains the first one; you may have multiple policies assigned and they are not considered as conflicting if one updates the e.g. Administrators group and the second rule then replaces the Administrators group. 

Solely from this documentation, it says the exact opposite of what we are experiencing. Would be nice to know if this is a bug or actually expected behavior, confirmed by MS itself 🙂 

NicklasOlsen's avatar
NicklasOlsen
Iron Contributor
Jun 13, 2024
Hi RobinWulz,

I've been a little bit curious about this issue, and I tried to deploy two separate policies again with two different actions (update/replace). This will also cause a conflict, in my case.

Lastly, I have tried to combine the policies with the same action (update/update) into one policy that works without problems. If I were you, I would probably reach out to Intune support team on Twitter to get an answer from MS. 🙂

  • SoftD's avatar
    SoftD
    Copper Contributor
    Jan 03, 2026

    just to say that you still need one policy per device to manage local user and group memberships. Can be challenging in larger environments ;-)  Does anyone know if this is being changed in the near future ?  

  • Simon_Skotheimsvik's avatar
    Simon_Skotheimsvik
    Copper Contributor
    Jul 28, 2025

    Although this is an old thread, I came across the same situation with a customer today.

    Having two local user group membership policies targeting two different local security groups appears to be a valid setup, but it will result in a conflict as described above.

    Consolidating the policies to ensure only one policy reaches the devices resolves the conflict. This can become messy if you have an environment with diverse needs for local user group management, and you might be challenged in how you target the policies using include/exclude groups and filters. 

    Microsoft also documents this behaviour on the following page: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localusersandgroups?WT.mc_id=Portal-fx#can-i-apply-more-than-one-localuserandgroups-policyxml-to-the-same-device?wt.mc_id=MVP_314171


    "Can I apply more than one LocalUserAndGroups policy/XML to the same device?

    No, this is not allowed. Attempting to do so will result in a conflict in Intune."

     

  • itwaman's avatar
    itwaman
    Copper Contributor
    Sep 19, 2024

    Hi everyone

    we do have the same issue in my company 

    did anyone find the solution or the root cause of the conflict?