Microsoft 365 Alert – Service Degradation – Microsoft Intune – Users may be unable to access their Intune managed devices if a “UserRights” policy is deployed to their device – RESOLVED

10/04/2024 09:20:00 AM

NHSmail Reference: INC42387029

Microsoft Reference: IT773677

Issue Status: RESOLVED

Issue Description: Users may be unable to access their Intune managed devices if a “UserRights” policy is deployed to their device.

More info: Users may notice that their devices may be inaccessible if the admin deploys the 23H2 version of Windows Security baseline security policies within Microsoft Intune. English OS devices are not impacted by this event. This issue only affects non-English OS devices.

Further details regarding “UserRights” security policies can be found here: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-userrights

Final Update: 15/04/2024 08:56:00 AM – Microsoft finished deploying their fix and subsequently confirmed via internal testing that the problem is resolved. Moving forward, they recommend creating a new profile to leverage “UserRights” on non-English OS devices as their mitigation will not retroactively fix preexisting device profiles.

Scope of impact: This issue could impact any of your users’ ability to access their Microsoft Intune managed devices if a “UserRights” security policy has been deployed to their device

Root cause: A recent update introduced an additional set of “UserRights” security policies that can be configured for your users’ devices. When configuring these policies, the pre-loaded recommended values are not localized to non-English OS devices. If deployed this could potentially cause users to be unable to access their Microsoft Intune managed devices

Next steps: Microsoft are reviewing their service update procedures to better understand why this issue occurred so they can identify methods to better prevent similar events in the future.