Public/TenantConfiguration/Baseline/ConfigurationPolicies/JyskIT-Baseline-SEC-LocalUserGroupMembership.json

{
  "templateReference": {
    "templateDisplayName": "Local user group membership",
    "templateFamily": "endpointSecurityAccountProtection",
    "templateId": "22968f54-45fa-486c-848e-f8224aa69772_1",
    "templateDisplayVersion": "Version 1"
  },
  "platforms": "windows10",
  "roleScopeTagIds": [
    "0"
  ],
  "technologies": "mdm",
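  "description": "Restricts the local Administrators group to the approved members only (the local Administrator account and the JyskIT-Baseline-SEC-LocalAdmins group). Membership is replaced rather than appended, so any other existing members are removed.",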
  "name": "JyskIT-Baseline-SEC-LocalUserGroupMembership",
  "settings": [
    {
      "id": "0",
      "settingInstance": {
        "@odata.type": "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance",
        "settingInstanceTemplateReference": {
          "settingInstanceTemplateId": "de06bec1-4852-48a0-9799-cf7b85992d45"
        },
        "groupSettingCollectionValue": [
          {
            "settingValueTemplateReference": null,
            "children": [
              {
                "@odata.type": "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance",
                "settingInstanceTemplateReference": {
                  "settingInstanceTemplateId": "76fa254e-cbdb-4718-8bdd-cd41e57caa02"
                },
                "groupSettingCollectionValue": [
                  {
                    "settingValueTemplateReference": null,
                    "children": [
                      {
                        "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
                        "settingDefinitionId": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup_userselectiontype",
                        "choiceSettingValue": {
                          "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue",
                          "value": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup_userselectiontype_manual",
                          "children": [
                            {
                              "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance",
                              "settingDefinitionId": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup_users",
                              "simpleSettingCollectionValue": [
                                {
                                  "value": "Administrator",
                                  "@odata.type": "#microsoft.graph.deviceManagementConfigurationStringSettingValue"
                                },
                                {
                                  "value": "#ReplaceGroupSID#_JyskIT-Baseline-SEC-LocalAdmins",
                                  "@odata.type": "#microsoft.graph.deviceManagementConfigurationStringSettingValue"
                                }
                              ]
                            }
                          ]
                        }
                      },
                      {
                        "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
                        "settingDefinitionId": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup_action",
                        "choiceSettingValue": {
                          "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue",
                          "value": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup_action_add_restrict",
                          "children": []
                        }
                      },
                      {
                        "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance",
                        "settingDefinitionId": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup_desc",
                        "choiceSettingCollectionValue": [
                          {
                            "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue",
                            "value": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup_desc_administrators",
                            "children": []
                          }
                        ]
                      }
                    ]
                  }
                ],
                "settingDefinitionId": "device_vendor_msft_policy_config_localusersandgroups_configure_groupconfiguration_accessgroup"
              }
            ]
          }
        ],
        "settingDefinitionId": "device_vendor_msft_policy_config_localusersandgroups_configure"
      }
    }
  ],
  "assignments": [
    {
      "target": {
        "@odata.type" : "#microsoft.graph.allDevicesAssignmentTarget"
      }
    }
  ]
}