Users may be unable to access their Intune managed devices if a “UserRights” policy is deployed to their device

Title: Users may be unable to access their Intune managed devices if a “UserRights” policy is deployed to their device

User impact: Users may be unable to access their Intune managed devices if a “UserRights” policy is deployed to their device.

More info: Users may have noticed that their devices may have been inaccessible if the admin deployed the 23H2 version of Windows Security baseline security policies within Microsoft Intune. English OS devices were not impacted by this event. This issue only affected non-English OS devices.

Further details regarding “UserRights” security policies can be found here: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-userrights

Final status: We finished deploying our fix and subsequently confirmed via internal testing that the problem is resolved. Moving forward, we recommend creating a new profile to leverage “UserRights” on non-English OS devices as our mitigation will not retroactively fix preexisting device profiles.

Start time: Monday, April 1, 2023, at 12:00 AM UTC

End time: Saturday, April 13, 2024 at 1:00 AM UTC

Root cause: A recent update introduced an additional set of “UserRights” security policies that could be configured for your users’ devices. When configuring these policies, the pre-loaded recommended values were not localized to non-English OS devices. If deployed, this could have potentially caused users to be unable to access their Microsoft Intune managed devices.

Next steps:
– We’re reviewing our service update procedures to better understand why this issue occurred so we can identify methods to better prevent similar events in the future.

This is the final update for the event.