Jan 24 2021 01:22 PM
Jan 25 2021 02:03 AM
Hi @SamSONACA,
Yeah, the "Policy CSP - UserRights" isn't really well documented.
This is how I've used it in my test environment:
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/UserRights/ChangeSystemTime
Data Type: String
Value: *S-1-5-19*S-1-5-32-544*S-1-5-32-545
As mentioned in this article, it is better to use SIDs, because strings are localized for different languages. For reference, see Well-Known SID Structures.
Now, you have to be careful with the special character . Johan Arwidmark has already well explained in his blog how to handle this.
The real delimiter is: 
It has to be converted to:
In MEM, it will be displayed like this:
Im my case, the end user with standard user rights can only change the time through the "timedate.cpl". The shield of UAC is still displayed, but the end user is nevertheless able to change the time:
Jan 26 2021 01:58 PM
Fantastic! Thank you!
This worked.
Any suggestion to import all on-prem policies?
We are currently performing this task manually by bringing them over one by one, not sure if there is an automated way to do this.
Jan 27 2021 03:49 AM
@SamSONACA
At this time, there is unfortunately no automated way to perform this.
You can use the Group Policy analytics as an helper. You have still to create the desired configuration profiles manually, for the most policies that you currently have.
If your goal is migrating your current on-prem environment in the cloud, you should consider to not do a 1to1 migration of your GPO's. There are for sure some policies which should no more be needed, or which doesn't make any sense anymore. It's the right time to perform a cleanup action on your policies ;-).